A new Mozi P2P botnet is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. Experts noticed that the sample borrows part of code from the Gafgyt malware. In the last months, the botnet was mainly involved in DDoS attacks. The main commands implemented by Mozi bot allow it to: Launch DDoS attack, collect and exfiltrate bot info (Bot ID, IP, PORT, filename (full path), gateway, gateway)”]
Source: https://securityaffairs.co/wordpress/95608/malware/mozi-p2p-botnet.html