
Androxgh0st Botnet Utilizes Mozi Payloads to Increase IoT Influence

A recent report by CloudSEK’s Threat Research team has shed light on significant developments in the Androxgh0st botnet, indicating its strategic expansion and integration with elements from the Mozi botnet. The Androxgh0st botnet, which has been active since January 2024, has started targeting web servers by exploiting vulnerabilities to infiltrate systems.

The latest findings suggest that Androxgh0st is incorporating Mozi’s Internet of Things (IoT)-focused payloads, raising concerns about a potential partnership between the two botnets. This alliance could result in even more sophisticated and widespread cyber threats in the future.

CloudSEK’s investigation has revealed that Androxgh0st is taking advantage of various vulnerabilities in popular technologies such as Cisco ASA, Atlassian JIRA, and multiple PHP frameworks. These vulnerabilities allow unauthorized access and remote code execution, enabling attackers to maintain control over compromised systems. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory earlier this year warning organizations about Androxgh0st’s ability to exploit vulnerabilities tracked under different Common Vulnerabilities and Exposures (CVE) identifiers.

Some of the key vulnerabilities exploited by Androxgh0st include:

Further analysis by CloudSEK has also uncovered Androxgh0st’s targeting of IoT devices, a tactic previously associated with the Mozi botnet. Despite the disruption of Mozi due to the arrest of its creators in 2021, Androxgh0st’s command-and-control logs suggest a reintegration of Mozi’s payloads into its infrastructure. This integration has expanded the botnet’s reach, posing a greater threat to IoT environments worldwide.

In order to mitigate the risks posed by Androxgh0st, organizations are advised to promptly patch affected software and network vulnerabilities. Regular system checks, vulnerability scans, and software updates are essential steps in combating these evolving cyber threats.

Overall, the emergence of strategic alliances between different botnets like Androxgh0st and Mozi highlights the ever-evolving nature of cyber threats. As cybercriminals continue to collaborate and adapt their tactics, it is crucial for organizations to stay vigilant and proactive in securing their systems and data against such threats.
