Palo Alto Networks published a blog discussing research by its Unit 42 team on a newly discovered variant of PlugX malware. This variant has a few unique capabilities, including the ability to hide itself on a USB drive using a novel technique that is effective on current versions of Windows and that can only be detected with specialized forensic tools. It then copies all Adobe PDF and Microsoft Word files from the machine the drive is connected to, and spreads to any other removable drives (e.g., floppy, thumb, or flash) attached to the system. While PlugX has been used for years by many groups believed to be sponsored by the Chinese government, cybercrime groups, including ransomware operators, have also adopted it. Utilities that allow USB devices within their environment are encouraged to tightly control and monitor their usage. Read more at Palo Alto Networks.

Related post from WaterISAC: OT/ICS Security – USB Storage Devices are Still a Universal Threat to Industrial Operations
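The recommendation above is to control and monitor USB usage. The following PowerShell, added here as an illustration and not taken from the Palo Alto Networks or WaterISAC posts, shows one way a Windows administrator can do both on a single host: apply the built-in Removable Storage Access policy to block writes and program execution on removable disks, take a baseline inventory of what is currently attached, and pull device-connection events from the Windows event log. It assumes an elevated PowerShell session on a Windows 10/11 or Windows Server host; the registry path and event IDs are the standard Windows ones, while the report file name and the choice of which entries to flag are this example's own.

```powershell
# Added example (not code from the original post or the Unit 42 research).
# Run from an elevated PowerShell session. Enterprise deployments would push
# the policy part through Group Policy or an MDM rather than per-host.

# --- 1. Control: deny write and execute on "Removable Disks" ----------------
# This is the registry form of the Group Policy setting
# "Removable Disks: Deny write access / Deny execute access". The GUID is the
# Removable Disks device setup class that the policy keys on.
$removableDiskClass = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
$policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$removableDiskClass"
New-Item -Path $policyKey -Force | Out-Null
Set-ItemProperty -Path $policyKey -Name 'Deny_Write'   -Type DWord -Value 1
Set-ItemProperty -Path $policyKey -Name 'Deny_Execute' -Type DWord -Value 1
# Set Deny_Read to 1 as well (or Deny_All) where removable media should be
# blocked entirely rather than made read-only.

# --- 2. Baseline: what removable volumes are attached right now? ------------
# Lists each removable volume and the hidden/system entries and .lnk files at
# its root. This is an inventory to compare against over time; it is NOT a
# detector for the hiding technique described in the blog, which the post
# says requires specialized forensic tooling.
$report = Join-Path $env:TEMP 'removable-baseline.txt'   # example output path
Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
    ForEach-Object {
        $root = "$($_.DriveLetter):\"
        "== $root  label='$($_.FileSystemLabel)'  fs=$($_.FileSystem)  size=$($_.Size)"
        Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Attributes -match 'Hidden|System' -or $_.Extension -eq '.lnk'
            } |
            ForEach-Object { "   {0,-30} {1}" -f $_.Name, $_.Attributes }
    } | Tee-Object -FilePath $report

# --- 3. Monitor: which USB storage devices were configured recently? --------
# The Kernel-PnP/Configuration log is enabled by default; events 400 (device
# configured) and 410 (device started) carry the device instance path, so
# filtering on USBSTOR isolates USB mass-storage devices.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Kernel-PnP/Configuration'
        Id        = 400, 410
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'USBSTOR' } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Device'; Expression = { ($_.Message -split "`n")[0].Trim() } } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize

# For central collection, also turn on the Security-log audit so that each new
# external device produces Security event 6416, which a SIEM can alert on:
auditpol /set /subcategory:"Plug and Play Events" /success:enable | Out-Null
```

The policy in step 1 takes effect for new mounts and is enforced per machine, so a drive that is already plugged in may need to be reinserted. Step 2 deliberately only records hidden/system entries and shortcut files, the kind of root-level artifacts that are cheap to review on a schedule; the forensic-grade check the blog refers to is outside what a shell inventory can provide. Step 3 is read-only and works on a default host, whereas the 6416 audit at the end requires the policy change and is the path to watch if events are to be forwarded off-box.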