ThreatCluster

PlugX USB Worm Variant Spreads Globally via DLL Sideloading

First seen 14 Apr 2026, 17:00 UTC GbhackersCybersecuritynews 93% similarity 61

Article Content

Browse articles
ThreatCluster

A new variant of the PlugX USB worm is causing infections across multiple continents, utilizing DLL sideloading and USB-based propagation techniques to remain undetected. Initially identified in Papua New Guinea in August 2022, this worm has since re-emerged in January 2023 in both Papua New Guinea and Ghana, and has been reported in several other countries including Mongolia, Zimbabwe, and Nigeria. The worm's stealthy nature and widespread reach, spanning nearly ten time zones, indicate a significant threat to organizations globally. The exact number of infections is currently unknown, but the worm's ability to evade detection raises concerns about its potential impact on critical systems. Security professionals are advised to monitor for signs of infection and implement preventive measures against USB-based threats.

Key Points: • The PlugX worm variant uses DLL sideloading and USB drives for propagation. • First detected in Papua New Guinea in August 2022, it has spread to multiple countries. • The worm's stealthy nature makes it difficult to detect and mitigate.

ThreatCluster AI

Timeline

2022-08-01
PlugX worm first observed in Papua New Guinea
2023-01-01
PlugX worm resurfaces in Papua New Guinea and Ghana
2026-04-14
Current reports of PlugX worm infections across multiple continents

Community

Browse all →