AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Nov. 8, 2024, 7:22 p.m.

Description

The AndroxGh0st malware has expanded its capabilities by incorporating the Mozi botnet to target IoT devices and cloud services. This Python-based tool, known for attacking Laravel applications, now exploits a wider range of vulnerabilities in internet-facing applications. The malware uses remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures. AndroxGh0st's integration with Mozi suggests a possible operational alliance, allowing it to propagate to more devices. The botnet cycles through common administrative usernames and targets WordPress backends. This collaboration enhances the effectiveness and efficiency of their combined botnet operations, potentially indicating control by the same cybercriminal group.

External References

https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html
https://otx.alienvault.com/pulse/672e5992d5dcfa4f549fe33b
Tags
iot
botnet
wordpress
CVE-2024-4577
CVE-2018-10562
CVE-2018-10561
androxgh0st
remote code execution
cloud services
credential stealing
CVE-2022-1040
2024-11-08
mozi
laravel
CVE-2022-21587
CVE-2024-36401
CVE-2021-41277
CVE-2023-1389
CVE-2021-26086
CVE-2014-2120

Date

  • Created: Nov. 8, 2024, 6:33 p.m.
  • Published: Nov. 8, 2024, 6:33 p.m.
  • Modified: Nov. 8, 2024, 7:22 p.m.

Indicators

  • 200.124.241.140
Download all indicators here!

Attack Patterns

  • Mozi
  • Androxgh0st
  • Androxgh0st