Skip to main content

Home Plugx


Also known as: Tigerplug, Korplug, Destroy RAT, RedDelta, Kaba, Sogu

Category: Malware

Type: Remote access trojan (RAT)

Platforms: Windows


Damage potential: Data theft, espionage, system compromise, remote access, backdoor capabilities


Plugx is a remote access trojan that has been in the wild since 2008. Plugx gives attackers control over compromised devices so that they can copy and modify the victim’s files, record keystrokes, capture screenshots and videos, or reboot the system.

Recently, attackers started spreading a newer strain of Plugx via USB drives. If a victim connects an infected device to their computer, Plugx can copy the victim's Microsoft Word and PDF files inside a hidden directory of the USB drive without permission.

Possible symptoms

Plugx can modify system settings to bypass security software or hide inside legitimate processes, but subtle signs might indicate its presence:

  • An unusual increase in network traffic.
  • Unexpected system behavior, such as crashing or slower performance.
  • Unauthorized changes in system settings.
  • Error messages and failed login attempts.

Sources of infection

Malicious attachments in phishing emails, infected USB drives, drive-by (unintentional) downloads from malware-hosting websites, or fake software updates can spread Plugx.


Here are some protective measures to use against Plugx and similar cyber threats:

  • Always be cautious about email attachments, especially from unknown senders.
  • Avoid downloading files or software from unofficial sources.
  • Check downloads for viruses with NordVPN’s Threat Protection Pro.
  • Do not plug unknown USB drives into your computer.
  • Scan USB drives before using.
  • Make sure your operating systems and software are updated.
  • Install a reputable antivirus solution.
  • Enable multi-factor authentication.
  • Regularly back up important data.


Follow these steps to remove Plugx from an infected device with antivirus software:

  • Disconnect from the internet to stop Plugx from communicating with its command and control servers.
  • Run a full system scan and follow the software instructions.
  • Restart your device.
  • If you’re unsure about how to perform a complete removal, consider getting professional help.