The Resurgence of IoT Malware: Inside the Mirai-Based Botnet Campaign
ID: e9c5ca3d-5b4b-54ba-96d4-89a30dab7433
STIX ID: report--e9c5ca3d-5b4b-54ba-96d4-89a30dab7433
Feed Name: Fortinet Blog
FortiGuard Labs analyzed a stealthy malware campaign ("Gayfemboy") that actively exploits multiple command-injection and RCE vulnerabilities in consumer and enterprise network devices (DrayTek, TP-Link, Raisecom, Cisco ISE) to deliver a UPX-packed ELF payload. The payload implements persistence, sandbox evasion, process-killing, backdoor/C2 communications, and DDoS/coin-mining capabilities. The report covers the malware's technical behavior, C2 domains, exploited CVEs, and extensive IOCs to support detection and mitigation.
