
"Masjesu has been active since at least 2023, with its operator mainly advertising it on Telegram as capable of launching DDoS attacks of hundreds of gigabytes in magnitude."
"The data strongly suggests a distributed attack originating from multiple ASNs. This indicates the involvement of various networks, rather than the botnet being exclusively hosted on a single Virtual Private Server (VPS) provider."
"Recently analyzed Masjesu samples show it can target multiple architectures, including i386, MIPS, ARM, SPARC, PPC, 68K (Motorola 68000), and AMD64."
"The malware stores sensitive strings - including command-and-control (C&C) domains, ports, folder names, and process names - encrypted in a lookup table and decrypts them at runtime."
Masjesu is a botnet that has been operational since at least 2023, primarily targeting IoT devices for distributed denial-of-service (DDoS) attacks. The operator promotes its capabilities on Telegram, appealing to both Chinese- and English-speaking users. The botnet has a significant footprint: most infected devices are located in Vietnam, but infections are also seen in Brazil, India, Iran, Kenya, and Ukraine. Masjesu exploits vulnerabilities in various routers and IoT devices, maintaining persistence and remote access through sophisticated malware techniques.
Read at SecurityWeek