
PlugX

Posted: October 31, 2014

PlugX is one of a family of backdoor Trojans used by Chinese threat actors to compromise systems at major civilian corporations, military contractors, NGOs and government entities. Although PlugX may serve only as a stepping stone between the initial intrusion and the installation of more advanced threats, on its own it already gives remote attackers extensive control over your PC. General anti-malware hygiene and, in particular, caution with e-mail attachments should be exercised so that PlugX never needs to be found or deleted in the first place.

PlugX: the Hole that E-Mail Chisels into Your PC's Security

The cyber-espionage group known as Axiom has a well-documented preference for backdoor Trojans as the linchpin of its attacks, which have targeted everything from Google to US defense contractors. PlugX is one such linchpin Trojan and, like the group's other backdoors, is distributed mainly by e-mail. The messages pose as harmless news articles or business correspondence, with attachments carrying the file names of documents or spreadsheets; the attachments themselves hold concealed exploits that install PlugX.

PlugX has been deployed in more than one variant, with significant structural differences between them. Two traits that malware analysts single out are its ability to inject its code into a running process and its use of DLL side-loading, in which a legitimate, trusted program is tricked into loading a malicious DLL placed beside it under the name of a library the program expects. Both techniques hide PlugX from casual inspection of the process list and file system, and from anti-malware tools that only look for an obviously malicious file on disk.
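The side-loading pattern described above leaves a recognizable trace in image-load telemetry: a DLL with a well-known library name loaded from an application's own directory instead of a Windows system directory. The following hunt is an added example written for this page, not code from the original article or from any PlugX analysis. It assumes image-load records with three fields (process_path, dll_path, dll_signed), loosely modelled on a Sysmon Event ID 7 export; the records, the list of commonly hijacked DLL names and the system-directory prefixes are all assumptions for illustration.

```python
"""Hunt for DLL side-loading candidates in image-load telemetry.

Added example, not from the original page. It assumes image-load records
(loosely modelled on a Sysmon Event ID 7 export) with three fields:
process_path, dll_path and dll_signed. All records below are constructed.
"""
from pathlib import PureWindowsPath

# DLL names that Windows programs frequently resolve by bare name, which makes
# them attractive to plant beside a trusted executable. Assumed starter list;
# a real deployment would build it from its own baseline of load events.
COMMONLY_HIJACKED = {
    "version.dll", "msi.dll", "dwmapi.dll", "cryptbase.dll",
    "propsys.dll", "oleacc.dll", "wtsapi32.dll",
}

# Directories where these libraries are supposed to live (assumed prefixes).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def in_system_dir(path: str) -> bool:
    """True when the path sits under one of the Windows system directories."""
    return path.lower().startswith(SYSTEM_DIRS)


def side_load_candidates(records):
    """Return dll_path values that look side-loaded.

    A hit is an unsigned DLL whose name is commonly hijacked, loaded from the
    executable's own directory rather than from a system directory. That is
    exactly the condition a side-loading attack relies on, so each hit deserves
    a look at the DLL's hash and how it arrived next to the executable.
    """
    hits = []
    for rec in records:
        dll = PureWindowsPath(rec["dll_path"])
        exe = PureWindowsPath(rec["process_path"])
        if dll.name.lower() not in COMMONLY_HIJACKED:
            continue
        if in_system_dir(str(dll)):
            continue  # loaded from where it belongs
        if rec["dll_signed"]:
            continue  # signed vendor-bundled copy; not the pattern we want
        if str(dll.parent).lower() == str(exe.parent).lower():
            hits.append(str(dll))
    return hits


# Constructed sample telemetry: one benign system load, one signed vendor copy,
# one unrelated unsigned DLL, and one textbook side-load from a temp directory.
SAMPLE_RECORDS = [
    {"process_path": r"C:\Windows\System32\svchost.exe",
     "dll_path": r"C:\Windows\System32\version.dll", "dll_signed": True},
    {"process_path": r"C:\Program Files\Vendor\tool.exe",
     "dll_path": r"C:\Program Files\Vendor\version.dll", "dll_signed": True},
    {"process_path": r"C:\Users\alice\AppData\Local\Temp\upd\updater.exe",
     "dll_path": r"C:\Users\alice\AppData\Local\Temp\upd\helper.dll",
     "dll_signed": False},
    {"process_path": r"C:\Users\alice\AppData\Local\Temp\upd\updater.exe",
     "dll_path": r"C:\Users\alice\AppData\Local\Temp\upd\msi.dll",
     "dll_signed": False},
]

if __name__ == "__main__":
    for hit in side_load_candidates(SAMPLE_RECORDS):
        print("side-load candidate:", hit)
```

Only the unsigned msi.dll loaded from the temp directory is reported; the signed copy of version.dll shipped with the vendor tool is left alone, because legitimate software does bundle its own copies of common libraries and the signature is what separates the two cases.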

PlugX's backdoor connection lets third parties install further threatening software, issue system commands or carry out other general attacks. The first of these has included installing PoisonIvy, a second backdoor Trojan. Unlike Naid, another backdoor associated with the same group, PlugX uses random network ports for its C&C communications, so a rule that watches a single fixed port will not catch it.
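Random C&C ports defeat a fixed-port rule but leave their own trail: one internal host reaching one external address across an unusually wide spread of ports. The following heuristic is an added example written for this page, not code from the original article or from any PlugX analysis. It runs over constructed flow records with src, dst and dport fields (addresses drawn from the RFC 5737 documentation ranges); the service-port allowlist and the threshold of four distinct ports are assumptions to be tuned for a given network.

```python
"""Flag host pairs that talk over many distinct destination ports.

Added example, not from the original page. A backdoor that picks its C&C port
at random leaves one internal host reaching one external address on a wide
spread of ports. The flow records below are constructed; the allowlist and
threshold are assumptions.
"""
from collections import defaultdict

# Ports a normal client is expected to use toward one server; reaching a host
# on these alone is not interesting. Assumed starter allowlist.
EXPECTED_SERVICE_PORTS = {80, 443, 53, 25, 587, 993, 995}


def port_spread(flows):
    """Map (src, dst) to the set of destination ports seen outside the allowlist."""
    spread = defaultdict(set)
    for f in flows:
        if f["dport"] not in EXPECTED_SERVICE_PORTS:
            spread[(f["src"], f["dst"])].add(f["dport"])
    return spread


def suspicious_pairs(flows, min_ports=4):
    """Return (src, dst, sorted ports) for pairs with at least min_ports distinct
    non-service destination ports, widest spread first."""
    results = []
    for (src, dst), ports in port_spread(flows).items():
        if len(ports) >= min_ports:
            results.append((src, dst, sorted(ports)))
    results.sort(key=lambda r: len(r[2]), reverse=True)
    return results


# Constructed flow log. 10.0.0.5 -> 203.0.113.10 hops across ports like a
# random-port beacon; the other hosts use ordinary services or a couple of
# fixed high ports and should not be flagged at the default threshold.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443},
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 8080},
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 53211},
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 49152},
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 1025},
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 8080},
    {"src": "10.0.0.7", "dst": "10.0.0.1", "dport": 53},
    {"src": "10.0.0.7", "dst": "10.0.0.1", "dport": 53},
    {"src": "10.0.0.9", "dst": "198.51.100.4", "dport": 443},
    {"src": "10.0.0.9", "dst": "198.51.100.4", "dport": 8443},
    {"src": "10.0.0.9", "dst": "198.51.100.4", "dport": 9443},
]

if __name__ == "__main__":
    for src, dst, ports in suspicious_pairs(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {len(ports)} distinct ports {ports}")
```

Counting distinct ports per host pair rather than per destination port is the point: the beaconing host is only ever a single connection on any one port, which is why per-port rules miss it. The allowlist keeps routine HTTPS and DNS from inflating the count, and the threshold should be raised on networks where scanners or load-balanced services legitimately fan out across ports.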

Plugging the Security Holes Enjoyed by PlugX

Up-to-date anti-malware tools should have no difficulty detecting older PlugX attacks, although Axiom is known to abuse zero-day vulnerabilities in some of its campaigns. Regardless, safe e-mail habits and a refusal to open attachments you have not verified will provide the bulk of the protection your PC needs against PlugX installers. Because these Trojans come in variable formats, deleting PlugX or the threats linked to it calls for a thorough anti-malware scan rather than a quick one. PlugX has not, however, extended its features into rootkit-based attacks, which makes it somewhat less of a threat than other backdoor Trojans from the same organization.

Software updates likewise protect your PC from the vulnerabilities used to install PlugX or launch its components. Microsoft Excel, PDF readers and even some security products have been unwilling participants in PlugX campaigns, with the vendors concerned issuing patches after the fact. Unfortunately, Axiom's industriousness means that security vendors are in a constant race to detect the latest threats like PlugX, with the ultimate outcome still in doubt.
