Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Nov. 8, 2024, 7:22 p.m.

Description

The AndroxGh0st malware has expanded its capabilities by incorporating the Mozi botnet to target IoT devices and cloud services. This Python-based tool, known for attacking Laravel applications, now exploits a wider range of vulnerabilities in internet-facing applications. The malware uses remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures. AndroxGh0st's integration with Mozi suggests a possible operational alliance, allowing it to propagate to more devices. The botnet cycles through common administrative usernames and targets WordPress backends. This collaboration enhances the effectiveness and efficiency of their combined botnet operations, potentially indicating control by the same cybercriminal group.

Date

Published: Nov. 8, 2024, 6:33 p.m.

Created: Nov. 8, 2024, 6:33 p.m.

Modified: Nov. 8, 2024, 7:22 p.m.

Indicators

200.124.241.140

Attack Patterns

Mozi

Androxgh0st

Androxgh0st

T1110

T1105

T1569

T1498

T1190

T1133

T1078

T1059