Androxgh0st Continues Exploitation: Operators Compromise a US University For Hosting C2 Logger
ID: cfae827b-4bcf-595e-ab3d-e4d247dfefe7
STIX ID: report--cfae827b-4bcf-595e-ab3d-e4d247dfefe7
Feed Name: CloudSEK Blog
CloudSEK reports that the Androxgh0st botnet has expanded its arsenal of initial access vectors, leveraging numerous web application and IoT vulnerabilities (e.g., Apache Shiro/JNDI, Spring4Shell, Jackson, fastjson, Lantronix) to achieve RCE, deploy webshells, steal sensitive files, and run cryptomining. Investigators recovered C2 logger panels on compromised academic and public domains, command logs showing injection attempts, multiple webshell variants, IOCs (domains, IP, MD5s) and YARA rules, and provide mitigations including patching, outbound restriction of JNDI-related services, WAF/RASP, and filesystem audits.
