securityonline.info 7/7/2026, 8:58:09 AM · external

RustDuck botnet switches to Rust, exploits weak IoT logins

RustDuck botnet switches to Rust, exploits weak IoT logins
CyberSIXT Evidence Panel Source marked as original reporting

THE RustDuck botnet is a newly identified DDoS malware that utilizes a two-stage loader-and-core design and is notable for shifting its development language from C to Rust. This transition enhances the code's complexity and security, making it harder to analyze. RustDuck spreads by exploiting weak passwords and vulnerabilities in IoT devices, web applications, and servers, using brute-force attacks on Telnet and SSH logins, as well as several Remote Code Execution (RCE) flaws.

Its infection method includes a loader that conceals its payload in an ELF file, employing advanced encryption techniques for command and control communications. The malware also features anti-analysis capabilities, checking for security tools before executing. To mitigate risks, strong credentials should be used, vulnerable devices should be patched promptly, and unusual network activity should be monitored.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline