Fortinet researchers uncovered C0XMO, a new and more modular Gafgyt botnet variant that targets DD-WRT routers and can spread across many CPU architectures and device types. It exploits CVE-2021-27137, brute-forces weak SSH/Telnet credentials, and supports a wide range of DDoS capabilities while also hunting down competing tools and botnet clients on infected hosts. #C0XMO #Gafgyt #DDWRT #CVE202127137
Key points
- C0XMO is a new variant of the Gafgyt botnet.
- It targets DD-WRT routers and many other device architectures.
- The malware exploits CVE-2021-27137 without authentication.
- It scans for weak SSH and Telnet credentials to spread laterally.
- C0XMO launches DDoS attacks and removes competing tools from infected systems.