Keypoints
- Masjesu has been active since at least 2023 and is promoted on Telegram for large-scale DDoS services.
- The majority of infected devices are in Vietnam, with notable infections in Brazil, India, Iran, Kenya, and Ukraine.
- It propagates by exploiting vulnerabilities in D-Link, GPON, Huawei, Netgear devices, MVPower DVRs, UPnP services, and other IoT targets.
- The malware persists by renaming its executable to mimic system components, forking a new process, creating a cron job, and running as a background daemon.
- Operators use multiple C&C domains and fallback IPs to orchestrate diverse DDoS vectors, including UDP, TCP, ICMP, GRE, RDP, and HTTP floods.
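
The persistence pattern in the keypoints (an executable renamed to look like a system component, plus a cron job) can be triaged with two simple host checks. This is an added example, not code from the article or the researchers; the directory lists, process names, paths and sample records are constructed assumptions, not Masjesu indicators.

```python
import posixpath

# Assumed directory policy for a typical embedded Linux device (adjust per firmware).
SYSTEM_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/lib", "/usr/lib")
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
DELETED = " (deleted)"  # suffix Linux appends to /proc/<pid>/exe when the file is gone

def in_dirs(path, dirs):
    path = posixpath.normpath(path)
    return any(path.startswith(d + "/") for d in dirs)

def check_process(proc):
    """Compare the name shown in the process list with the real executable path."""
    exe = proc["exe"]
    deleted = exe.endswith(DELETED)
    if deleted:
        exe = exe[: -len(DELETED)]
    if in_dirs(exe, SYSTEM_DIRS):
        return []  # busybox applets legitimately show a name that differs from the binary
    reasons = ["executable outside system directories: " + exe]
    if posixpath.basename(proc["argv0"]) != posixpath.basename(exe):
        reasons.append("displayed name does not match executable")
    if deleted:
        reasons.append("executable deleted from disk")
    return reasons

def check_cron_line(line):
    """Return the first command path that lives in a world-writable directory."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    start = 1 if fields[0].startswith("@") else 5  # skip the schedule fields
    for tok in fields[start:]:
        if tok.startswith("/") and in_dirs(tok, WRITABLE_DIRS):
            return tok
    return None

def triage(procs, cron_lines):
    flagged = {p["pid"]: r for p in procs if (r := check_process(p))}
    cron = [hit for line in cron_lines if (hit := check_cron_line(line))]
    return {"processes": flagged, "cron": cron}

# Constructed sample data standing in for /proc and crontab contents.
PROCS = [{"pid": 412, "argv0": "crond", "exe": "/bin/busybox"},
         {"pid": 977, "argv0": "/usr/sbin/dropbear", "exe": "/usr/sbin/dropbear"},
         {"pid": 1533, "argv0": "syslogd", "exe": "/tmp/.x/a7 (deleted)"}]
CRON = ["# m h dom mon dow command", "0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf",
        "*/5 * * * * /var/tmp/.cache/upd >/dev/null 2>&1", "@reboot /tmp/.x/a7"]

if __name__ == "__main__":
    print(triage(PROCS, CRON))
```

On a live host, the `argv0` and `exe` fields would come from `/proc/<pid>/cmdline` and the `/proc/<pid>/exe` symlink.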
Read More: https://www.securityweek.com/evasive-masjesu-ddos-botnet-targets-iot-devices/