Mustang Panda Launches PlugX RAT Campaign via Fake Browser Update
ID: 3c082aac-c264-5e34-a866-7620c2e4a302
STIX ID: report--3c082aac-c264-5e34-a866-7620c2e4a302
Feed Name: ThreatCluster
Mustang Panda has launched a high-severity campaign that deploys the PlugX RAT via a fake browser updater. The attack uses a multi-stage LNK and PowerShell loader to sideload PlugX through a G DATA antivirus binary, then beacons to a hard-coded HTTPS C2 with layered encryption. The campaign warrants monitoring of LNK/PowerShell activity and unusual HTTPS connections.
