PlugX is a remote access trojan (RAT) that enables attackers to remotely control affected devices with a wide range of capabilities. PlugX allows an attacker to reboot systems, log keystrokes, manage critical system processes, and upload and download files. One technique PlugX relies on heavily to infiltrate devices is dynamic-link library (DLL) sideloading. This technique involves executing a malicious payload embedded in a DLL that is loaded by a benign executable. The embedded payload within the DLL is often encrypted or obfuscated to prevent detection. Around August 2022, a new variation of PlugX was reported to continuously monitor affected environments for new USB devices to infect, allowing it to spread further through compromised networks. The new PlugX variant also has the ability to create a hidden directory, “RECYCLER.BIN”, containing a collection of stolen documents, likely in preparation for exfiltration via its command and control (C2) channels.
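For triage of removable media, the following added example (not part of the original write-up) walks a mounted volume, flags any directory named RECYCLER.BIN, reports whether the Windows hidden attribute is set, and lists the document files staged inside it. The document extension list, the function names and the sample volume layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

STAGING_DIR_NAME = "RECYCLER.BIN"   # directory name given in the text above
FILE_ATTRIBUTE_HIDDEN = 0x2         # Windows hidden-attribute bit
# Assumption: which extensions count as "documents"; adjust to local policy.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}

def is_hidden(path):
    """True if the Windows hidden attribute is set; always False elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def scan_volume(root):
    """Return one finding per directory under root named RECYCLER.BIN."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if name.upper() != STAGING_DIR_NAME:
                continue
            target = Path(dirpath) / name
            docs = sorted(
                str(p.relative_to(target))
                for p in target.rglob("*")
                if p.is_file() and p.suffix.lower() in DOC_EXTS
            )
            findings.append({"path": str(target),
                             "hidden": is_hidden(target),
                             "documents": docs})
            dirnames.remove(name)  # contents already enumerated above
    return findings

def build_sample_volume(root):
    """Constructed sample layout standing in for a mounted USB volume."""
    staged = Path(root) / "RECYCLER.BIN" / "files"
    staged.mkdir(parents=True)
    (staged / "budget.xlsx").write_bytes(b"")   # constructed document
    (staged / "notes.txt").write_bytes(b"")     # not in DOC_EXTS, ignored
    (Path(root) / "photos").mkdir()             # unrelated directory
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_volume(build_sample_volume(tmp)):
            print(finding)
```

The legitimate Windows recycle bin directory is named $RECYCLE.BIN, so an exact match on RECYCLER.BIN does not flag it.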