In the age of the Internet of Things (IoT), exploitation of security vulnerabilities is increasing, including by self-propagating IoT malware. In response, research specific to IoT malware is being developed. Many studies use Markov chain models of malware propagation to predict the behavior of epidemics qualitatively and quantitatively. However, most studies approximate random propagation as a simple multiplicative term, and no exact derivation of the Markov chain for random propagation has been done so far. Moreover, systems of malware mitigation operating at the network level are rare, and the majority of proposals focus on local networks such as wireless sensor networks. In this article, we present a simple derivation of the exact Markov chain for random propagation of malware. Our model assumes a binomial form, compatible with the binomial distributions used in stochastic studies. To validate this derivation we implemented a stochastic simulation for the simplest compartmental epidemic model, susceptible–infected–susceptible (SIS). Predictions of the proposed Markov chain match simulation results with less than 0.2% error, well within stochastic variability and much smaller than the error of models in the literature. To complement our model of propagation, we developed and derived the Markov chain of a new system of malware mitigation, based on grouping random devices with devices having identified infections during malware cleaning. Our mitigation system works at the network level and counteracts the vulnerability of mass deployment of IoT devices with aggressive but calculated mass disconnection. The system is able to artificially reduce $R_{0}$ (the basic reproduction number) below 1 and prevent malware from taking over the network—all without changing the rate of detection.
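As an added illustration (not the paper's own code and not its exact chain), the following Python script assumes a simple random-propagation mechanism: each infected device attacks one uniformly random device per step, and a hit on a susceptible device succeeds with probability `p`. Under that assumption the expected number of new infections has a binomial (survival-probability) form, which the script contrasts with the usual multiplicative term `p*I*S/N` and validates against a stochastic SIS simulation in the spirit of the abstract; all names and parameters are assumptions of this example.

```python
import random

def random_propagation_trial(n: int, i: int, p: float, rng: random.Random) -> int:
    """One propagation step (assumed mechanism): each of the i infected devices
    picks one target uniformly among all n devices; a susceptible target is
    infected with probability p. Returns the number of distinct new infections."""
    infected = set(range(i))       # devices 0..i-1 are the currently infected ones
    newly = set()
    for _ in range(i):
        target = rng.randrange(n)
        if target not in infected and target not in newly and rng.random() < p:
            newly.add(target)
    return len(newly)

def exact_expected_new_infections(n: int, i: int, p: float) -> float:
    """Binomial form: a susceptible survives all i independent attacks with
    probability (1 - p/n)**i, so the expected new infections is S * (1 - survival)."""
    s = n - i
    return s * (1.0 - (1.0 - p / n) ** i)

def approx_expected_new_infections(n: int, i: int, p: float) -> float:
    """Multiplicative approximation common in the literature: p * I * S / N.
    It over-counts because several attacks may land on the same susceptible."""
    return p * i * (n - i) / n

def mean_new_infections(n: int, i: int, p: float, trials: int, seed: int = 0) -> float:
    """Monte Carlo estimate of the expected new infections for one step."""
    rng = random.Random(seed)
    return sum(random_propagation_trial(n, i, p, rng) for _ in range(trials)) / trials

def sis_run(n: int, i0: int, p: float, mu: float, steps: int, seed: int = 0) -> list:
    """Stochastic SIS trajectory: per step, random propagation adds infections and
    each previously infected device is cleaned (back to susceptible) with probability mu."""
    rng = random.Random(seed)
    i, traj = i0, [i0]
    for _ in range(steps):
        new_inf = random_propagation_trial(n, i, p, rng)
        cleaned = sum(1 for _ in range(i) if rng.random() < mu)
        i = i + new_inf - cleaned
        traj.append(i)
    return traj

if __name__ == "__main__":
    n, i, p = 100, 50, 1.0     # constructed parameters
    print("exact :", exact_expected_new_infections(n, i, p))
    print("approx:", approx_expected_new_infections(n, i, p))
    print("sim   :", mean_new_infections(n, i, p, trials=20000, seed=1))
```

With the constructed parameters the multiplicative term predicts 25 new infections per step while the binomial form predicts about 19.75, and the simulation mean lands on the latter.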