Security Articles

Unplugging PlugX: Sinkholing the PlugX USB worm botnet

released on 2024-04-25 @ 03:26:24 PM
In September 2023, Sekoia.io successfully sinkholed a command and control server linked to the PlugX worms, acquiring the unique IP address tied to this variant for just $7. Although the campaign has been inactive since 2020, between 90,000 and 100,000 unique public IP addresses were still infected, sending distinctive PlugX requests to the sinkhole every day. After studying the cryptography of PlugX's communications, the researchers found that disinfection commands could be sent to compromised workstations, either disinfecting only the workstation or disinfecting both the workstation and the USB drive. However, legal limitations prevent a complete removal of the worm globally.