Read all Blogs from this Author
The Androxgh0st botnet, an emerging cyber threat since January 2024, has resurfaced with advanced capabilities and integration of IoT-focused Mozi payloads. Exploiting over 20 vulnerabilities in technologies like Cisco ASA, Atlassian JIRA, PHP frameworks, and IoT devices, Androxgh0st enables unauthorized access and remote code execution. Its growing sophistication includes shared infrastructure and malware persistence tactics, posing risks to global web servers and IoT networks. CloudSEK’s research highlights the botnet's operational overlap with Mozi, emphasizing the need for immediate patching and vigilant monitoring to mitigate exploitation risks.
CloudSEK uncovered that the Androxgh0st botnet compromised a University of California, San Diego subdomain to host its C2 logger. Active since 2023, the botnet exploits vulnerabilities in Apache Shiro, Spring4Shell, WordPress, IoT devices, and more for remote code execution and cryptomining. Webshells were also deployed for persistence.
Read all Whitepapers and reports from this Author
Read all knowledge base articles from this Author
