IT security firm Check Point Software has released its malware snapshot for November. The report highlights the growing threat posed by the Androxgh0st malware, which has risen to a joint first place with Fakeupdates, affecting 6.91 percent of Swedish organizations. Researchers also found that Androxgh0st is exploiting vulnerabilities in IoT devices and servers—components that are often part of critical infrastructure.
Androxgh0st, now integrated with the Mozi botnet, can leverage Mozi’s techniques to attack systems remotely and use persistence mechanisms that enable malicious actions such as distributed denial-of-service attacks and data theft. The botnet infiltrates systems through unpatched security flaws, and the addition of Mozi has substantially expanded Androxgh0st’s reach, increasing the number of devices infected with the malware. Both businesses and private users have grown more dependent on IoT devices, which can be vulnerable without proper protection.
Critical infrastructure—covering power grids, transportation networks and healthcare—remains an attractive target for cybercriminal actors because of its essential role in daily life and society. Disruptions to these systems can cause widespread chaos, significant economic losses and direct threats to public safety.
“The rise of Androxgh0st and its integration with Mozi demonstrate how cybercriminals continually refine their methods to access sensitive information,” says Mats Ekdahl, security expert at Check Point Software. Companies and organizations must quickly adapt and deploy security measures capable of detecting and neutralizing these threats before they inflict widespread damage.
In the malware rankings, Androxgh0st and Fakeupdates share the top position at 6.91 percent. Following them, the MrBeast malware variant occupies third place at 4.92 percent.