In March 2026, FortiGuard Labs discovered a new Gafgyt botnet variant, C0XMO, that spreads by exploiting CVE-2021-27137. Our analysis revealed that, unlike earlier versions, this malware separates its lateral movement into a standalone Python script. This approach helps the attacker target various system architectures and device types more efficiently. Below is a detailed technical overview of its structure, propagation methods, and attack features. [1]
Link to full report: IR-26-165-001_X platforms.pdf
[1] https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo?lctg=141970831