PlugX USB Worm Variant Spreads Globally via DLL Sideloading
Severity: High (Score: 60.5)
Sources: Gbhackers, Cybersecuritynews
Summary
A new variant of the PlugX USB worm is causing infections across multiple continents, using DLL sideloading and USB-based propagation to remain undetected. First identified in Papua New Guinea in August 2022, the worm re-emerged in January 2023 in both Papua New Guinea and Ghana, and has been reported in several other countries, including Mongolia, Zimbabwe, and Nigeria. Its stealthy nature and wide reach, spanning nearly ten time zones, indicate a significant threat to organizations globally. The exact number of infections is currently unknown, but the worm's ability to evade detection raises concerns about its potential impact on critical systems. Security professionals are advised to monitor for signs of infection and implement preventive measures against USB-based threats.
Key Points
- The PlugX worm variant uses DLL sideloading and USB drives for propagation.
- First detected in Papua New Guinea in August 2022, it has spread to multiple countries.
- The worm's stealthy nature makes it difficult to detect and mitigate.
Key Entities
- Worm (attack_type)
- Ghana (country)
- Mongolia (country)
- Nigeria (country)
- Papua New Guinea (country)
- Zimbabwe (country)
- PlugX (malware)
- T1091 - Replication Through Removable Media (mitre_attack)
- T1574 - Hijack Execution Flow (mitre_attack)