Chinese PlugX Malware Hidden in Your USB Devices?

This PlugX malware also hides actor files in a USB device using a novel technique that works even on the most recent Windows operating systems (OS) at the time of writing this post. This means the malicious files can only be viewed on a Unix-like (*nix) OS or by mounting the USB device in a forensic tool.

There are two files using "App" as extension (libeay32.dll & ssleay32.dll) and one file using "_" as an extension (a5e5cb8a_78be9242_000f779d). The files uses a name of "App", which is the same name used by Microsoft for Dynamic Link Library (*Dll) files...

It was observed that (*Dll) files with this name are used in similar attacks from other threat actors and not just by PlugX .

What is a DLL file?

A DLL (Dynamic Link Library) file is essentially a static library that contains resources or code (a function etc.) to use by multiple processes running on the same machine. Applications use DLL files specifically to share data and code between them, so that each process only has to load the DLL once even though there can be multiple instances of it running on the same machine.

Source: Chinese PlugX Malware Hidden in Your USB Devices? - AlienVault - Open Threat Exchange

This PlugX malware also hides actor files in a USB device using a novel technique that works even on the most recent Windows operating systems (OS) at the time of writing this post. This means the malicious files can only be viewed on a Unix-like (*nix) OS or by mounting the USB device in a forensic tool.

There are two files using "App" as extension (libeay32.dll & ssleay32.dll) and one file using "_" as an extension (a5e5cb8a_78be9242_000f779d). The files uses a name of "App", which is the same name used by Microsoft for Dynamic Link Library (*Dll) files...

It was observed that (*Dll) files with this name are used in similar attacks from other threat actors and not just by PlugX .

What is a DLL file?

A DLL (Dynamic Link Library) file is essentially a static library that contains resources or code (a function etc.) to use by multiple processes running on the same machine. Applications use DLL files specifically to share data and code between them, so that each process only has to load the DLL once even though there can be multiple instances of it running on the same machine.

Source: Chinese PlugX Malware Hidden in Your USB Devices? - AlienVault - Open Threat Exchange

Need secure managed IT for your business?