AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The AndroxGh0st malware has expanded its capabilities by incorporating the Mozi botnet to target IoT devices and cloud services. This Python-based tool, known for attacking Laravel applications, now exploits a wider range of vulnerabilities in internet-facing applications. The malware uses remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures. AndroxGh0st's integration with Mozi suggests a possible operational alliance, allowing it to propagate to more devices. The botnet cycles through common administrative usernames and targets WordPress backends. This collaboration enhances the effectiveness and efficiency of their combined botnet operations, potentially indicating control by the same cybercriminal group.
OPENCTI LABELS :
botnet, remote code execution, wordpress, cve-2022-21587, iot, cve-2024-4577, androxgh0st, mozi, cve-2018-10562, cve-2018-10561, credential stealing, cloud services, cve-2022-1040, cve-2024-36401, cve-2021-41277, laravel, cve-2023-1389, cve-2021-26086, cve-2014-2120