Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT
Mustang Panda is using a fake “Browser Updater” and a multi‑stage LNK–PowerShell loader to sideload PlugX through a legitimate G DATA antivirus binary, ultim...
RAT used extensively by Chinese APT groups for long-term espionage operations. Includes a self-spreading USB worm variant.
Also known as: plugx, korplug, thudtrak, kaba, sogu
Hackers are abusing a fake Claude AI download site to deliver a PlugX‑style DLL sideloading chain that ultimately deploys a new Windows backdoor dubbed “Beag...