New Gafgyt Variant Targets Multiple Linux Architectures With Modular Propagation

A new variant of the Gafgyt botnet malware, called C0XMO, has been identified targeting multiple Linux architectures by exploiting a stack buffer overflow vulnerability (CVE-2021-27137) in the UPnP service of DD-WRT router firmware. This modular malware uses architecture-specific payloads and Python-based scripts for lateral movement, allowing it to compromise a wide range of IoT and embedded devices, launch DDoS attacks, and exploit various other known vulnerabilities in D-Link devices, GLPI project software, and Avtech DVR cameras. Users are advised to apply firmware updates, disable UPnP where it is not needed, and monitor network traffic to mitigate this ongoing threat.

https://cybersecuritynews.com/new-gafgyt-variant-targets-multiple-linux-architectures/
