Mozi

Malware updated a month ago (2024-11-29T14:03:46.297Z)
Mozi is a malware family that has been a significant force in the cyber threat landscape. Known for exploiting outdated and vulnerable Internet of Things (IoT) devices, it was responsible for 74% of all IoT attacks in 2021. The Mozi botnet, infamous for hijacking hundreds of thousands of internet-connected devices each year, grew significantly from Q3 2021 onward, with over 5 million detections in the early months of 2022. Most of the malware samples detected belonged to well-known malware families such as Mirai, Gafgyt, and Mozi.

Despite disruption efforts, recent logs from Androxgh0st command-and-control operations suggest that Mozi's payloads have been reintegrated into that botnet's infrastructure. This reintegration has produced an extensive infection network, extending the threat's reach into IoT environments. Further analysis revealed that Androxgh0st is also targeting IoT devices, a tactic historically associated with Mozi. Before the creators of Mozi were arrested in 2021, this activity primarily impacted routers and DVRs across China, India, and Albania.

There are emerging concerns about a potential operational alliance between the Androxgh0st and Mozi botnets: significant developments in the Androxgh0st botnet reveal strategic expansion and the integration of elements from Mozi, including deployment of Mozi's IoT-focused payloads. However, it remains unclear who is behind the Mozi botnet kill switch, which could potentially mitigate the threat posed by these combined forces.
Description last updated: 2024-11-07T19:02:14.025Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the following are possible overlapping names and profiles worth reviewing alongside this one.
Mozi Botnet (5 votes) is a possible alias for Mozi. The Mozi botnet, a notorious malware, was responsible for 74% of all Internet of Things (IoT) attacks in 2021. Despite the arrest of its authors in summer 2021 leading to an overall drop in IoT attacks in Q4 of that year, the malware continued to infect more connected devices. It saw significant gro
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Malware
Eset
Bot
Exploit
Payload
Android
Associated Malware
Each entry below gives the associated malware, its description, the association type, and the vote count.
Mirai (association type: Unspecified; 5 votes). The Mirai malware is associated with Mozi. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar

Kinsing (association type: Unspecified; 2 votes). The Kinsing malware is associated with Mozi. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa

Magecart (association type: Unspecified; 2 votes). The Magecart malware is associated with Mozi. Magecart is a form of malware that targets e-commerce platforms by injecting malicious code to steal customer data. The malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations and steal personal informat

Lumma Stealer (association type: Unspecified; 2 votes). The Lumma Stealer malware is associated with Mozi. Lumma Stealer is a potent malware designed to exfiltrate information from compromised systems, including system details, web browsers, and browser extensions. The malware was primarily delivered to victims through websites hosting cracked games, specifically targeting gamers. In July 2024, it was di

Gafgyt (association type: Unspecified; 2 votes). The Gafgyt malware is associated with Mozi. Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry,
Source Document References
Information about the Mozi malware was read from the documents corpus below. This display is limited to 20 results; each entry gives the source and when it was added.
InfoSecurity-magazine (2 months ago)
ESET (4 months ago)
Securityaffairs (9 months ago)
Securityaffairs (9 months ago)
Securityaffairs (9 months ago)
Securityaffairs (9 months ago)
Securityaffairs (10 months ago)
Securityaffairs (10 months ago)
Securityaffairs (10 months ago)
CERT-EU (10 months ago)
Securityaffairs (10 months ago)
Securityaffairs (a year ago)
ESET (a year ago)
Securityaffairs (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)