DOJ deletes Chinese malware from thousands of U.S. computers
The U.S. Department of Justice on Tuesday said that it deleted nefarious Chinese software called PlugX from over 4,250 American computers. The Chinese government paid the Chinese hacking group Mustang Panda, also known as Twill Typhoon, to develop the software, according to court documents cited by the DOJ.
After PlugX infected the computers, it would control them and steal information from them. Those computers’ owners were typically unaware that their systems were infected, according to a news release from the DOJ. Mustang Panda used the PlugX software in campaigns targeting U.S. individuals, Chinese dissident groups, and foreign businesses and governments, according to the DOJ.
So what exactly happened? The French government led an international operation to wipe the software off computers worldwide. It did so after Sekoia.io, a French cybersecurity company, developed a procedure to delete the PlugX software from computers. The DOJ then obtained warrants from a federal court in Pennsylvania to use the formula developed by Sekoia.io and delete PlugX from computers inside the United States.
How did the DOJ access the computers? The Pennsylvania federal court allowed the DOJ to remotely reach into devices infected with PlugX across the country and delete the software. The target devices would not be affected in any way by the DOJ’s intervention, the department told the court.
Were people aware the DOJ was deleting this from their computers? The FBI will notify people with computers affected by the DOJ’s operation through their internet providers, according to the DOJ’s news release.
Dig deeper: Read Lauren Canterberry’s report in The Sift about a New York City man running a secret police station in the United States for the Chinese government.