← All stories
● Covered by 1 source Β· 1 reportMedium impact

RustDuck Botnet Targets Routers and Servers with Two-Stage Malware

Aggregated by BrevFeed security · updated 1d ago

The RustDuck botnet is hijacking devices like routers and cameras to execute DDoS attacks. Its significance lies in its rapid evolution and the transition from C to Rust, making analysis more difficult.

Key points

Overview of RustDuck Botnet

The RustDuck botnet has emerged as a new threat targeting various devices, including home routers and IP cameras. It operates by forming a distributed network to launch denial-of-service attacks against websites and online services.

Malware Evolution and Targeting Methods

Researchers at QiAnXin's XLab have been monitoring RustDuck since February 2026, noting that its rapid evolution poses a distinct challenge. Instead of relying on a single method, RustDuck exploits a combination of outdated vulnerabilities and weak password protections to infiltrate devices.

Key Vulnerabilities Exploited

RustDuck leverages several known vulnerabilities for device compromise. Notable examples include CVE-2017-17215 affecting Huawei routers, CVE-2025-29635 in D-Link routers, and CVE-2024-1781 in Totolink routers. It also targets flaws in software like ThinkPHP and Jenkins, widening its attack surface.

Two-Stage Installation Process

The malware installs in two stages: a lightweight loader runs first and unpacks a more complex core module. This core, rewritten in Rust, is more resistant to analysis than traditional C-based malware, which complicates detection and mitigation efforts.

Impact on Cybersecurity

The emergence of RustDuck underscores the ongoing challenges in cybersecurity, especially regarding IoT devices. Its innovative use of Rust may inspire future malware developments, necessitating enhanced security measures for vulnerable devices.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’
