What happens when an invisible army of compromised devices can be rented by anyone with a Telegram account? Cybersecurity researchers say the answer may now be clearer: a stealthy, multi-architecture botnet called Masjesu that has been promoted as a DDoS-for-hire service since it first surfaced in 2023.
Background: a botnet sold in public channels
Security experts recently revealed details about Masjesu, a covert network of compromised Internet of Things (IoT) devices built to launch distributed denial-of-service (DDoS) attacks. According to those researchers, Masjesu has been advertised on Telegram as a DDoS-for-hire offering since its initial appearance in 2023.
Current findings: stealth and scope
Researchers describe Masjesu as “stealthy” and emphasize its capacity to target a broad class of devices. The botnet is capable of compromising a wide range of IoT endpoints — explicitly including routers and gateways — and runs across multiple hardware architectures, increasing the pool of devices it can enlist in attacks.
Why this matters: technical reach and operational risk
The combination of stealth, a for-hire business model, and multi-architecture support changes the threat equation. A botnet that can inhabit many device types and remain difficult to detect can be rented to disrupt online services, communications, or infrastructure. For technologists, the technical diversity Masjesu supports complicates detection and remediation; for users, the risk is that everyday networked devices — not just servers — can be turned into attack platforms; for potential adversaries, an available-for-hire service lowers the barrier to entry for launching DDoS campaigns.
Perspectives: what stakeholders face
- Technologists must consider defenses that account for heterogeneous IoT ecosystems and stealthy compromises across architectures.
- Policymakers and incident responders are confronted with a commercially marketed capability that can be acquired via public messaging channels.
- Device owners and administrators need clearer signals about their exposure, even when devices are not conventional computing hosts.
- Adversaries and opportunists benefit from commodification: a DDoS-for-hire model places destructive power within reach of nonexpert actors.
Conclusion
Masjesu illustrates a friction point where accessible criminal marketplaces meet an expansive field of vulnerable, networked devices. If a stealthy botnet can be advertised publicly and span the hardware people and organizations use every day, the central question becomes not whether such attacks are possible, but how prepared we are to detect, disrupt and deter them.
https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html
