Online researchers have recently identified a major evolution in the Androxgh0st botnet, which has grown more dangerous with the integration of the Mozi botnet’s capabilities.
What began as a web server-targeted attack in early 2024 has now expanded, allowing Androxgh0st to exploit vulnerabilities in IoT devices, CloudSEK’s Threat Research team has said.
Its latest report claims the botnet is now equipped with Mozi’s advanced techniques for infecting and spreading across a wide range of networked devices.
Mozi, previously known for infecting IoT devices like Netgear and D-Link routers, was believed to be inactive following a killswitch activation in 2023.
However, CloudSEK has revealed Androxgh0st has integrated Mozi’s propagation capabilities, significantly amplifying its potential to target IoT devices.
By deploying Mozi’s payloads, Androxgh0st now has a unified botnet infrastructure that leverages specialized tactics to infiltrate IoT networks. This fusion enables the botnet to spread more efficiently through vulnerable devices, including routers and other connected technology, making it a more formidable force.
Beyond its integration with Mozi, Androxgh0st has expanded its range of targeted vulnerabilities, exploiting weaknesses in critical systems. CloudSEK’s analysis shows Androxgh0st is now actively attacking major technologies, including Cisco ASA, Atlassian JIRA, and several PHP frameworks.
No comments:
Post a Comment