After the Mozi botnet mysteriously disappeared last year, a new and seemingly more powerful botnet, Androxgh0st, rose from its ashes and has quickly become a major threat to critical infrastructure.
"Based on the available information, we can ascertain with low confidence that the Androxgh0st botnet is being operated by Chinese threat actors that are driven by similar interests as that of the Chinese state," CloudSEK researcher Koushik Pal told The Register.
Check Point, meanwhile, rated Androxgh0st as the most prevalent malware globally, and said it affected 5 percent of organizations worldwide during November.
The added Mozi capabilities allow Androxgh0st to control a much broader range of targets than it did at the beginning of the year, and "these attacks create cascading effects across industries, highlighting the high stakes for governments, businesses, and individuals reliant on these infrastructures," according to Check Point's Most Wanted Malware report.
Botnets, a favorite of Beijing-backed attackers, are especially insidious, and this one's ability to target both web servers and IoT devices expands its reach. After exploiting a vulnerability to deploy a payload on the victim device, that device becomes part of the botnet, which can then be used to break into other critical networks, perform large-scale DDoS attacks, and conduct mass surveillance and data theft operations.