According to a DOJ press release, the FBI was able to delete the PlugX malware used by a Chinese hacking group from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct. Next, the FBI gained access to the hackers’ command-and-control server and used it to request the IP addresses of all machines that were actively infected by PlugX. Finally, it sent a command via the server that caused PlugX to delete itself from its victims’ computers.


The title is a bit click-baity as it implies the FBI did it directly to said computers.

  • Onomatopoeia@lemmy.cafe · 5 upvotes · 1 day ago

    In a way, the FBI did, but your point about click bait is still valid.

    By compromising the Command-and-Control server of the malware, they were able to have it direct clients to uninstall.

    This does make me think about meanings of such things in today’s deeply-interconnected world. For example, when a corporate admin tells their software management system to install/uninstall apps from machines, isn’t that the same thing? (A bit rhetorical, more of something to think about, since I don’t have a good answer to this).