Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Androxgh0st Botnet Integrates With Mozi

November 8, 2024
Reading Time: 2 mins read
in Alerts
Androxgh0st Botnet Integrates With Mozi

The Androxgh0st botnet, which initially targeted web servers, has recently evolved by integrating components from the notorious Mozi botnet. This merger significantly enhances Androxgh0st’s ability to exploit vulnerabilities in both web applications and Internet of Things (IoT) devices. Researchers from CloudSEK’s XVigil platform discovered that Androxgh0st now utilizes Mozi’s payload delivery mechanisms, allowing it to infect IoT devices, such as routers and security cameras, without requiring separate infection routines. This integration allows for faster and broader propagation of malicious activities across a wide variety of devices.

The botnet’s expanded attack capabilities now target a diverse range of vulnerabilities, including those in Cisco ASA, Atlassian JIRA, and Metabase. In particular, Androxgh0st exploits cross-site scripting (XSS) flaws in Cisco ASA, path traversal vulnerabilities in Atlassian JIRA, and local file inclusion bugs in Metabase. These vulnerabilities, along with others in PHP frameworks and Apache Web Server, enable the botnet to run arbitrary code, gain backdoor access, or leak sensitive data from compromised systems. The ability to exploit such a wide array of weaknesses underscores the botnet’s growing sophistication.

In addition to targeting well-established vulnerabilities, Androxgh0st has adapted to exploit newly discovered flaws, such as CVE-2023-1389 and CVE-2024-36401. These vulnerabilities, found in devices like TP-Link routers and GeoServer, give attackers the ability to take control of vulnerable devices and propagate malware with minimal resistance. The botnet’s operational flexibility also extends to IoT devices, which are increasingly vulnerable to attack due to weak security configurations. Researchers have found that Androxgh0st is particularly effective at targeting misconfigured routers and devices, expanding its reach into home and enterprise networks.

The geographic scope of Androxgh0st’s attacks is equally concerning, with countries such as Germany, the U.S., and India seeing the highest levels of infection. These countries are among the top targets due to the large number of exposed devices. Organizations and individuals alike are urged to promptly patch vulnerabilities that Androxgh0st exploits, monitor network traffic for unusual activity, and regularly audit server and device logs. As Androxgh0st continues to expand its attacks, it remains crucial for global cybersecurity defenses to evolve in order to counter this increasingly complex and widespread threat.

Reference:
  • Androxgh0st Botnet Integrates Mozi and Expands Attacks on IoT and Web
Tags: AndroxGh0stBotnetCross Site ScriptingCyber AlertsCyber Alerts 2024Cyber threatsInternet of thingsMozi botnetNovember 2024Vulnerabilities
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial