April 8, 2026

Evasive Malware Exploits Vulnerabilities in IoT Devices via DDoS Botnets

Vaibhav April 8, 2026
Evasive-Malware-Exploits-Vulnerabilities-in-IoT-Devices-via-DDoS-Botnets
Post Views: 15

Trellix Unveils Inner Workings of Evasive Masjesu Botnet

The cybersecurity firm Trellix has conducted an in-depth analysis of the Evasive Masjesu botnet, which has been wreaking havoc on IoT devices since at least 2023.

Botnet Targets IoT Devices for DDoS Attacks

  • The botnet has been operational since 2023, with its operator promoting its capabilities on Telegram channels targeting both Chinese and English-speaking users.
  • The operator’s Telegram channel boasts over 400 subscribers.
  • An examination of attack source countries reveals that the majority of affected devices are located in Vietnam, with additional compromises in Brazil, India, Iran, Kenya, and Ukraine.
  • This widespread distribution indicates a complex attack vector involving multiple Autonomous System Numbers (ASNs).

Masjesu’s Architectural Versatility

Masjesu can target various architectures, including:

  • i386
  • MIPS
  • ARM
  • SPARC
  • PPC
  • 68K (Motorola 68000)
  • AMD64

The botnet spreads through vulnerabilities in:

  • D-Link routers
  • GPON routers
  • Huawei home gateways
  • MVPower DVRs
  • Netgear routers
  • UPnP services
  • Other IoT devices
According to Trellix, “Upon infection, the malware establishes a persistent connection to its command-and-control (C&C) domain, using a hardcoded TCP port for remote access.”

Persistance Mechanisms

To ensure persistence, the malware:

  • Creates a cron job to run a renamed executable every 15 minutes
  • Converts the process into a background daemon
  • Renames it to resemble a legitimate system component
  • Terminates commonly used processes, such as wget and curl
  • Restricts access to shared temporary folders

C&C Domains and Fallback IP Addresses

Masjesu employs multiple C&C domains and fallback IP addresses, along with a 60-second receive timeout on socket connections.

Upon receiving instructions from the C&C server, the botnet launches various types of DDoS attacks, including:

  • UDP
  • TCP
  • VSE
  • GRE
  • RDP
  • OSPF
  • ICMP
  • IGMP
  • TCP SYN
  • TCP ACK
  • TCP ACKPSH
  • HTTP floods

These attacks pose a significant threat to organizations reliant on online infrastructure, underscoring the importance of robust network security measures and regular updates to mitigate potential vulnerabilities.


Blog Image

About Author

Vaibhav

See author's posts

More Stories

Devices-Most-Vulnerable-to-Hacking-Threats-in-2026-A-Forecast-Analysis

“Devices Most Vulnerable to Hacking Threats in 2026: A Forecast Analysis

Vaibhav March 23, 2026
Critical-Vulnerabilities-Exposed-Gardyn-Smart-Gardens-to-Remote-Hacking-Attacksdata

Critical Vulnerabilities Exposed Gardyn Smart Gardens to Remote Hacking Attacks

Vaibhav February 27, 2026
IoT microcontroller

In 2030, IoT Microcontroller Business will be on the Hype to reach $13,898 million

Tinku July 27, 2022 0

Latest Cyber Security News

hong-kong-encryption-law-national-security

hong-kong-encryption-law-national-security

Vaibhav April 8, 2026
Outdated-Software-Risks-Security-Threats-on-Macs-and-Mobile-Devices

Outdated Software Risks Security Threats on Macs and Mobile Devices

Vaibhav April 8, 2026
Acronis-Unveils-Managed-Detection-and-Response-Service-for-Managed-Security-Providers

Acronis Unveils Managed Detection and Response Service for Managed Security Providers

Vaibhav April 8, 2026
Medusa-Ransomware-Deployment-Tied-to-Recent-Vulnerability-Exploitation

Medusa Ransomware Deployment Tied to Recent Vulnerability Exploitation

Vaibhav April 8, 2026
OpenSSL-Data-Breach-Vulnerability-Fixed-with-Latest-Update

OpenSSL Data Breach Vulnerability Fixed with Latest Update

Vaibhav April 8, 2026
en_USEnglish
en_USEnglish