A malware originating from China has now been contained after the FBI gained a court order to have the harmful code deleted from thousands of Windows PCs.

The agency has successfully put an end to the reign of the PlugX malware in the U.S., which has affected over 2.5 million devices globally by infiltrating infected USB drives, PCMag noted.

Working with the FBI, the Justice Department has confirmed that it has been granted court sanction to remove the malware from nearly 4,260 computers and networks in the U.S. as of Tuesday. With the resolution announced, the FBI is set to notify owners of infected machines via their internet service providers.

This is just one instance of federal departments getting control of a serious cybersecurity risk. However, its resolution notes the importance of ongoing cybersecurity research. The Justice Department detailed that the actors behind the attack are a private group of Chinese state-sponsored hackers called “Mustang Panda” that developed a unique version of PlugX malware for the ongoing mission.

PlugX first surfaced in 2008 when it was used as a backdoor vulnerability for bad actors to secretly control Windows machines. By 2020, the malware had been updated to allow it to infiltrate USB drives as well as connected PCs. This is described as a “wormable” malware that can transfer between computers via infected peripherals.

French cybersecurity vendor Sekoia observed that Mustang Panda eventually lacked the resources to support the number of machines it had infected with the PlugX malware and ultimately abandoned the project.

Similarly, antivirus provider Sophos observed several PlugX infections originating from a single IP address source. In September 2023,  collaborating with Sekoia, the cybersecurity vendor paid just $7 to gain access to the IP address and the infected machines. Further research uncovered a self-delete command within the PlugX code.

In July 2024, law enforcement in France allowed the self-deleting mechanism to be used to remedy the infected machines. Since then, 22 other countries have also followed suit.

While it is not clear how the U.S. entities plan to remove the malware from domestic PCs, the FBI testified in an affidavit that it has tested this self-delete command, confirming that it only removes the malware and does not affect any other device functions or transfer any other unwarranted code.