The article discusses the emergence of C0XMO, a new variant of the Gafgyt botnet that exploits unpatched vulnerabilities in IoT devices. Discovered in March 2026, C0XMO spreads through a specific flaw (CVE-2021-27137) in DD-WRT router firmware, which allows unauthorized access without authentication. It targets digital infrastructure, eliminates rival malware, and executes large-scale DDoS attacks through diverse methods.
The botnet uses a custom command-and-control system and separates its scanning functionality into a standalone Python script, which enhances its adaptability. C0XMO's architecture marks a significant advance in botnet operations, demonstrating improved modularity, distribution strategies, and the capability to exploit multiple vulnerabilities.