Mozi malware botnet goes dark after mysterious use of kill-switch
Mozi malware botnet activity faded away in August after an unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots.
Mozi is a well-known DDoS malware botnet that emerged in 2019, primarily targeting IoT devices such as routers, digital video recorders, and other internet-connected gadgets.
The kill-switch payload carried out the following actions: termination of the Mozi malware process, disabling of certain system services, replacement of the Mozi file, execution of device configuration commands, blocking of access to various ports, and establishment of a foothold for the new file.
ESET's code analysis showed strong similarities between the original Mozi code and the binaries used in the takedown, which featured the correct private keys for signing the payload. This hints at the involvement of the original botnet creators, Chinese law enforcement, or both in the takedown, but for now the question remains unanswered.
Despite the good news of one of the most prolific botnets going offline, there are many more DDoS malware botnets scanning the web daily for vulnerable IoT devices.