“PlugX” spy malware, linked to China-funded hacker groups Mustang Panda and Twill Typhoon, has been removed from thousands of computers globally in an operation led by French law enforcement and cybersecurity company Sekoia.io, alongside the FBI and Department of Justice. The malware has been used to infiltrate and control thousands of computer systems since at least 2014, targeting US citizens, government bodies, businesses, and Chinese groups. Investigations into Mustang Panda’s activities are ongoing.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The