Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO
ID: 35fd3aaa-4af9-5bdc-a636-576c79273ce3
STIX ID: report--35fd3aaa-4af9-5bdc-a636-576c79273ce3
Feed Name: Fortinet Blog
**Executive summary:** FortiGuard Labs documents a sophisticated Gafgyt variant named C0XMO that actively exploits CVE-2021-27137 in DD-WRT UPnP to deliver multi-architecture binaries and a separate Python scanner for lateral movement. The malware implements multi-stage persistence, competitor-killing and a custom C2 handshake, and supports numerous DDoS modes. The report includes C2, IP and file IOCs together with mitigation guidance (patch firmware, disable UPnP/Telnet, enforce strong credentials).
