CyberVeille.ch5d ago

📢 C0XMO : nouveau variant Gafgyt exploitant DD-WRT pour se propager sur plusieurs architectures Linux
📝 ## 🔍 Contexte

Publié le 3 juin 2026 par Vincent Li (FortiGuard...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-08-c0xmo-nouveau-variant-gafgyt-exploitant-dd-wrt-pour-se-propager-sur-plusieurs-architectures-linux/
🌐 source : https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo
#C0XMO #CVE_2015_2051 #Cyberveille

C0XMO : nouveau variant Gafgyt exploitant DD-WRT pour se propager sur plusieurs architectures Linux

🔍 Contexte Publié le 3 juin 2026 par Vincent Li (FortiGuard Labs), cet article présente l’analyse technique détaillée de C0XMO, un nouveau variant du botnet Gafgyt découvert en mars 2026. La cible initiale était une entreprise technologique japonaise, mais l’adresse IP source de l’attaque a été tracée en Allemagne. 🎯 Vecteur d’infection initial Le malware se propage en exploitant CVE-2021-27137, un stack buffer overflow dans le service UPnP des firmwares DD-WRT antérieurs au changeset 45723. La vulnérabilité est déclenchée via des requêtes M-SEARCH malformées envoyées sur le port UDP 1900, exploitant une mauvaise gestion des valeurs ST:uuid: surdimensionnées par le parseur SSDP.

CyberVeille
The Threat Codex5d ago
Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO
#C0XMO #CVE_2021_27137
https://www.fortinet.com/lat/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo
Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs

FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet infections.…

Fortinet Blog
cryptax5d ago

C0XMO is a new Mirai-like botnet. Its scanner is implemented in Python for portability on various platforms. To infect new devices, apart from weak passwords in Telnet/SSH, it also tries several HTTP exploits.

https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo

#C0xmo #malware #ddos #router #ddwrt

Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs

FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet infections.…

Fortinet Blog
securityaffairs6d ago
#IoT #Botnet #C0XMO Adds Competitor-Killing Capability
https://securityaffairs.com/193290/uncategorized/iot-botnet-c0xmo-adds-competitor-killing-capability.html
#securityaffairs #hacking #malware
IoT Botnet C0XMO Adds Competitor-Killing Capability

C0XMO is a new Gafgyt botnet variant exploiting old router flaws, spreading across IoT devices, killing rivals, and enabling large-scale DDoSs

Security Affairs
Daniel Marsh6d ago

Fortinet researchers have uncovered C0XMO, an advanced Gafgyt variant that exploits a DD-WRT router flaw (CVE-2021-27137) for complete device takeover. This botnet doesn't just hijack bandwidth; it aggressively eliminates rival malware and establishes persistent control to launch sophisticated DDoS attacks. Discover the TTPs and crucial defenses against this evolving IoT threat.

https://www.tpp.blog/2bmuwu1

#cybersecurity #c0xmo #ddwrt

🤖 This post was AI-generated.

The New Oil6d ago

#C0XMO #botnet spreads via #DDWRT router flaw, kills rival #malware

https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/

#FOSS #networking #privacy #cybersecurity

C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures.

BleepingComputer