AndroxGh0st Malware Leverages Mozi Botnet to Target IoT and Cloud Services
On November 8, 2024, IoT Security / Vulnerability
The creators of the AndroxGh0st malware are now exploiting a wider range of security vulnerabilities affecting various internet-facing applications, while also deploying the Mozi botnet. According to a recent report by CloudSEK, this botnet employs remote code execution and credential theft techniques to maintain ongoing access, using unpatched vulnerabilities to infiltrate critical infrastructures.
AndroxGh0st is a Python-based attack tool specifically designed to target Laravel applications, aiming to extract sensitive data related to services such as Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously exploited vulnerabilities in the Apache web server (CVE-2021-41773), Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and maintain persistent control over compromised systems. Earlier this January, U.S. cybersecurity and intelligence agencies…