THE RustDuck botnet is a newly identified DDoS malware that utilizes a two-stage loader-and-core design and is notable for shifting its development language from C to Rust. This transition enhances the code's complexity and security, making it harder to analyze. RustDuck spreads by exploiting weak passwords and vulnerabilities in IoT devices, web applications, and servers, using brute-force attacks on Telnet and SSH logins, as well as several Remote Code Execution (RCE) flaws.
Its infection method includes a loader that conceals its payload in an ELF file, employing advanced encryption techniques for command and control communications. The malware also features anti-analysis capabilities, checking for security tools before executing. To mitigate risks, strong credentials should be used, vulnerable devices should be patched promptly, and unusual network activity should be monitored.