In today’s digital world, the Internet of Things (IoT) plays an important role in both local and global economies due to its widespread adoption in different applications. This technology has the potential to offer several advantages over conventional technologies in the near future. However, the potential growth of this technology also attracts attention from hackers, which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication. Therefore, we focus on a particular security concern that is associated with malware detection. The literature presents many countermeasures, but inconsistent results on identical datasets and algorithms raise concerns about model biases, training quality, and complexity. This highlights the need for an adaptive, real-time learning framework that can effectively mitigate malware threats in IoT applications. To address these challenges, (i) we propose an intelligent framework based on Two-step Deep Reinforcement Learning (TwStDRL) that is capable of learning and adapting in real-time to counter malware threats in IoT applications. This framework uses exploration and exploitation phenomena during both the training and testing phases by storing results in a replay memory. The stored knowledge allows the model to effectively navigate the environment and maximize cumulative rewards. (ii) To demonstrate the superiority of the TwStDRL framework, we implement and evaluate several machine learning algorithms for comparative analysis that include Support Vector Machines (SVM), Multi-Layer Perceptron, Random Forests, and k-means Clustering. The selection of these algorithms is driven by the inconsistent results reported in the literature, which create doubt about their robustness and reliability in real-world IoT deployments. (iii) Finally, we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats. During analysis, we noted that our proposed TwStDRL scheme achieves an average performance of 99.45 % across accuracy, precision, recall, and F1-score, which is an absolute improvement of roughly 3 % over the existing malware-detection models.