PlugX

Posted: October 31, 2014

PlugX Description

PlugX is one in a series of backdoor Trojans sometimes employed by Chinese hackers to compromise systems belonging to major civilian corporations, military contractors, NGOs and government entities. Although PlugX may be just a stepping stone between an initial attack and the installation of more advanced threats, even on its own PlugX provides remote attackers with advanced features for controlling your PC. General anti-malware security and, in particular, caution when handling e-mail should be exercised so that you never need to find or delete PlugX.

PlugX: the Hole that E-Mail Chisels into Your PC's Security

The infamous cyber-espionage group Axiom has a well-examined preference for using various backdoor Trojans as the lynchpin threats in its attacks, which target everything from Google to US defense-contracting companies. PlugX is one such lynchpin Trojan and, like other backdoor Trojans from this group, favors e-mail distribution. Messages tend to be disguised as benign news articles or business communications, with attachments bearing the file names of documents or spreadsheets. However, the malicious attachments carry concealed exploits that install PlugX.

PlugX may install itself in more than one variant, with significant structural differences between them. Two traits malware experts find worth outlining are PlugX's ability to inject its code into the memory of a running process and its use of DLL side-loading attacks. The latter technique allows PlugX to trick legitimate programs into loading some of its components. Together, these features may hinder both visual detection of PlugX and its detection by poorly-equipped anti-malware solutions.
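One way a defender can hunt for the DLL side-loading pattern described above is to look for a signed program, running from a user-writable location, that loads an unsigned DLL from its own folder. The following is an added example, not code from this page or from any security product; the record field names are assumptions modelled on image-load telemetry, `HostSigned` is a hypothetical enrichment field, and all paths are constructed.

```python
import ntpath

# Locations that standard users normally cannot write to (heuristic allow-list).
PROTECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample records; field names are assumptions modelled on
# image-load telemetry, and HostSigned is a hypothetical enrichment field.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Vendor\app.exe", "HostSigned": True,
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": True},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\updater.exe", "HostSigned": True,
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\updlib.dll", "Signed": False},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\updater.exe", "HostSigned": True,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": True},
    {"Image": r"C:\ProgramData\Tool\tool.exe", "HostSigned": True,
     "ImageLoaded": r"C:\ProgramData\Tool\Plugins\ext.dll", "Signed": False},
]

def is_sideload_candidate(event):
    """True when a signed host outside protected roots loads an unsigned DLL from its own folder."""
    image = event["Image"].lower()
    loaded = event["ImageLoaded"].lower()
    if not loaded.endswith(".dll"):
        return False
    if image.startswith(PROTECTED_ROOTS):
        return False  # installed software; this heuristic does not cover it
    same_dir = ntpath.dirname(image) == ntpath.dirname(loaded)
    return same_dir and event["HostSigned"] and not event["Signed"]

def find_sideload_candidates(events):
    """Return {host executable: sorted list of suspicious DLL paths}."""
    findings = {}
    for event in events:
        if is_sideload_candidate(event):
            findings.setdefault(event["Image"], set()).add(event["ImageLoaded"])
    return {host: sorted(dlls) for host, dlls in findings.items()}

if __name__ == "__main__":
    for host, dlls in find_sideload_candidates(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(dlls))
```

A hit is a lead for investigation rather than proof of infection, since some legitimate portable software also ships unsigned DLLs next to a signed executable.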

PlugX's backdoor connection allows third parties to install threatening software, issue system commands or perform other, general attacks. These may include installing PoisonIvy, a second backdoor Trojan. Unlike Naid, PlugX uses random network ports for its C&C communications.

Plugging the Security Holes Enjoyed by PlugX

Updated anti-malware tools should have no difficulties in detecting old PlugX attacks, although Axiom does have a known predilection for abusing zero-day vulnerabilities in some of its campaigns. Regardless, practicing safe e-mail habits and avoiding file attachments you haven't confirmed as safe will provide the bulk of the protection your PC requires against PlugX installers. Because these Trojans come in variable formats, extremely thorough anti-malware scans are needed to delete PlugX or other threats linked to it. However, PlugX hasn't extended its features to rootkit-based attacks, which makes it relatively less of a threat than other backdoor Trojans by the same organization.

Similarly, software updates can also protect your PC from the vulnerabilities used to install PlugX or launch its components. Microsoft Excel, PDF readers and even some brands of security programs were unwilling actors in PlugX campaigns, with the relevant companies providing security patches after the fact. Unfortunately, the industrious nature of Axiom means that PC security institutions are in a constant race to detect the latest threats like PlugX, with the ultimate outcome still in doubt.
