A stealthy and persistent botnet known as Masjesu is actively targeting Internet of Things (IoT) devices to launch large-scale distributed denial-of-service (DDoS) attacks. According to research from Trellix, the botnet has been operating since at least 2023 and continues to evolve with advanced evasion and persistence techniques.
Unlike many botnets that aim for rapid, widespread infection, Masjesu takes a more controlled and strategic approach. It avoids targeting sensitive infrastructure and blacklisted IP ranges, focusing instead on maintaining long-term access to compromised devices. This selective behavior makes it harder to detect and disrupt, allowing attackers to sustain their operations over time.
The botnet primarily spreads by exploiting vulnerabilities in common IoT devices, including routers, DVRs, and home gateways from brands like D-Link, Huawei, and Netgear. Once a device is compromised, the malware establishes a foothold by opening a hidden communication channel that allows attackers to control it remotely. It then strengthens its persistence by disguising itself as a legitimate system process and scheduling regular execution through system tasks.
Masjesu is designed to operate across multiple hardware architectures, making it highly adaptable and capable of infecting a wide range of devices. It also encrypts its internal configurations, including command-and-control (C2) server details, which are only decrypted during runtime. This adds another layer of stealth, helping it evade detection by security tools.
To maintain control and prevent interference, the malware actively disables competing processes and locks system resources, ensuring that other threats cannot take over the same device. It continuously scans the internet for new vulnerable targets, expanding its reach while maintaining a distributed attack infrastructure across multiple networks and regions.
Once activated, the botnet can launch a variety of DDoS attacks, including TCP, UDP, HTTP, and other protocol-based floods. These attacks can generate massive traffic volumes, potentially overwhelming targeted systems and causing service disruptions.
Geographically, most infections have been observed in regions such as Vietnam, Brazil, India, Iran, Kenya, and Ukraine, highlighting the global nature of IoT-based threats. The distributed nature of the botnet further complicates mitigation efforts, as attacks originate from diverse networks rather than a single source.
This campaign underscores the growing risks associated with unsecured IoT devices. As more connected devices enter networks, they become attractive targets for attackers seeking to build powerful botnets. Organizations and individuals alike must prioritize securing their devices by applying updates, disabling unnecessary services, and monitoring for unusual activity.