C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
ID: 4c1d875a-d3e8-5902-b10c-97d06d366fdb
STIX ID: report--4c1d875a-d3e8-5902-b10c-97d06d366fdb
Feed Name: Bleeping Computer
Fortinet researchers discovered C0XMO, a modular Gafgyt variant that exploits CVE-2021-27137 and brute-forces credentials to infect a wide range of architectures and devices (ARM, MIPS, x86, PowerPC, SuperH, etc.), deploy persistent hidden binaries, remove competing malware, and provide 19 DDoS attack methods via a hardcoded C2 — indicating a sophisticated, actively distributed IoT botnet campaign.
