"Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices"

Researchers discovered a PlugX sample that infects attached removable USB media devices in order to spread the malware to other systems. According to Palo Alto Networks Unit 42 researchers, this PlugX variant is wormable and infects USB devices in such a way that it hides itself from the Windows operating file system. A user would be unaware that their USB device is infected or being used to exfiltrate data from their networks. The artifact was discovered during incident response to a Black Basta ransomware attack on an unspecified victim. The Gootkit malware loader and the Brute Ratel C4 red team framework were among the other tools detected in the infected environment. The USB variant of PlugX uses a Unicode character known as the non-breaking space (U+00A0) to hide files on a USB device inserted into a workstation. This article continues to discuss findings surrounding the new PlugX malware variant being spread through USB devices.
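A defender can check a mounted removable volume for the naming trick described above. The following Python scan is an added example, not code from the article or from Unit 42; it flags names containing U+00A0 and, going beyond the one character the article names, names made up entirely of Unicode space or format characters (the category list and function names are assumptions).

```python
import os
import unicodedata

NBSP = "\u00a0"  # non-breaking space, the character the article names
# Assumption: space separators (Zs) and format characters (Cf) render as blank.
INVISIBLE_CATEGORIES = {"Zs", "Cf"}


def classify_name(name):
    """Return None for an ordinary name, or a reason string if it is suspicious."""
    if name and all(unicodedata.category(ch) in INVISIBLE_CATEGORIES for ch in name):
        return "name is entirely invisible characters"
    if NBSP in name:
        return "name contains U+00A0"
    return None


def scan_volume(root):
    """Walk root and return sorted (relative_path, kind, reason) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for kind, names in (("dir", dirnames), ("file", filenames)):
            for name in names:
                reason = classify_name(name)
                if reason:
                    rel = os.path.relpath(os.path.join(dirpath, name), root)
                    findings.append((rel, kind, reason))
    return sorted(findings)


def render(path):
    """Escape non-ASCII characters so a blank-looking name is readable in a report."""
    return path.encode("unicode_escape").decode("ascii")


if __name__ == "__main__":
    import sys
    # Usage: python scan.py <mount point of the removable volume>
    for rel, kind, reason in scan_volume(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:4} {render(rel)}  ({reason})")
```

The scan only reports names; a hit is a lead for triage, since U+00A0 can also appear in legitimately named files.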

THN reports "Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices"

Submitted by Anonymous on