C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

Summary

A new variant of the Gafgyt botnet, dubbed C0XMO, is actively spreading by exploiting a vulnerability in DD-WRT router firmware. This botnet is notable for its ability to detect and eliminate rival malware, including other botnets, from infected devices. It can also propagate to other device types across various CPU architectures.

IFF Assessment

FOE

The emergence of a new, aggressive botnet that exploits router vulnerabilities and actively eliminates competitors poses a significant threat to network security and the broader cybersecurity landscape.

Defender Context

This incident highlights the ongoing risk posed by exploited vulnerabilities in internet-connected devices, particularly routers, which are often overlooked when it comes to firmware updates. Defenders should prioritize securing network edge devices, monitoring for signs of botnet activity, and ensuring all firmware is up to date to limit the spread of such threats.
