Mustang Panda Launches PlugX RAT Campaign via Fake Browser Update
Mustang Panda, a Chinese state-sponsored threat group, has launched a cyberattack campaign that deploys the PlugX remote access tool (RAT). The attack uses a fake browser updater to trick users into downloading a multi-stage malware loader. That loader chains an LNK shortcut with PowerShell scripts to sideload PlugX through a legitimate antivirus binary. Once running, the malware communicates with a hard-coded command-and-control (C2) server over HTTPS and conceals its configuration behind layered encryption. The campaign's sophisticated tradecraft is consistent with the group's ongoing focus on espionage and data theft. Organizations using G DATA antivirus software may be particularly exposed to this attack. The campaign is currently active and requires ongoing monitoring.
Key Points:
• Mustang Panda is deploying PlugX RAT through a fake browser updater.
• The attack uses a multi-stage LNK and PowerShell loader to sideload malware.
• G DATA antivirus users are specifically targeted in this campaign.
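The LNK-plus-PowerShell loader stage described above is the point where a defender can triage dropped shortcut files before the sideload happens. The following is an added example, not code from the original report or from any vendor: it parses the Shell Link (.lnk) StringData fields per the MS-SHLLINK layout, flags shortcuts that launch PowerShell with loader-style switches, and decodes an -Enc payload for the analyst. The indicator patterns and the sample shortcut built by build_lnk are assumptions constructed for this illustration.

```python
import base64
import re
import struct

# Shell Link (.lnk) layout per MS-SHLLINK: 76-byte header, LinkFlags at offset 20, then StringData.
HEADER_SIZE = 0x4C
(HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH,
 HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
STRING_FIELDS = (("name", HAS_NAME), ("relpath", HAS_REL_PATH), ("workdir", HAS_WORKDIR),
                 ("args", HAS_ARGS), ("icon", HAS_ICON))
# Assumed indicators: switches typical of a PowerShell stage started from a shortcut, and the -Enc token.
LOADER_ARGS = re.compile(r"-enc(?:odedcommand)?\b|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|-nop\b")
ENCODED_CMD = re.compile(r"(?i)-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)")

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a .lnk blob, keyed by field name."""
    if len(data) < HEADER_SIZE or data[:4] != b"L\x00\x00\x00":
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:            # IDListSize (2 bytes) followed by the item list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:          # LinkInfoSize includes the size field itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, enc = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for key, bit in STRING_FIELDS:
        if flags & bit:                # CountCharacters (2 bytes) + string, no terminator
            count = struct.unpack_from("<H", data, pos)[0]
            fields[key] = data[pos + 2:pos + 2 + count * width].decode(enc)
            pos += 2 + count * width
    return fields

def triage_lnk(data: bytes) -> dict:
    """Flag a shortcut that runs PowerShell with loader-style switches; decode -Enc if present."""
    s = parse_lnk_strings(data)
    cmd = (s.get("relpath", "") + " " + s.get("args", "")).lower()
    hits = sorted(set(m.group(0) for m in LOADER_ARGS.finditer(cmd)))
    m = ENCODED_CMD.search(s.get("args", ""))
    decoded = base64.b64decode(m.group(1)).decode("utf-16-le") if m else None
    suspicious = ("powershell" in cmd or "pwsh" in cmd) and bool(hits)
    return {"suspicious": suspicious, "indicators": hits, "decoded": decoded}

def build_lnk(relpath: str, args: str) -> bytes:
    """Constructed test input: a minimal Unicode .lnk carrying only RelativePath and Arguments."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")   # standard ShellLink CLSID
    header = b"L\x00\x00\x00" + clsid + struct.pack("<I", HAS_REL_PATH | HAS_ARGS | IS_UNICODE)
    header += b"\x00" * (HEADER_SIZE - len(header))           # remaining header fields zeroed
    sd = lambda t: struct.pack("<H", len(t)) + t.encode("utf-16-le")
    return header + sd(relpath) + sd(args)
```

Real shortcuts usually also carry a LinkTargetIDList and LinkInfo, which the parser skips by their size fields, so the same triage applies to files collected from a phishing delivery.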