RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
Overview
A new malware family called RustDuck is actively hijacking a range of devices, including home routers, IP cameras, Android boxes, and poorly secured servers. The malware operates in two stages and joins the compromised devices into a botnet built to launch Distributed Denial of Service (DDoS) attacks that take websites and online services offline. Researchers from QiAnXin's XLab have been monitoring RustDuck since February 2026 and note that its rapid evolution is particularly concerning. The campaign shows how easily consumer devices and poorly secured servers can be exploited by attackers. Users and organizations need to secure their devices to avoid becoming part of such a botnet.
Key Takeaways
- Active Exploitation: RustDuck is actively hijacking devices in the wild. Immediate action is recommended.
- Affected Systems: Home routers, IP cameras, Android boxes, poorly secured servers
- Action Required: Users should secure their devices with strong passwords and keep firmware updated to the latest versions.
- Timeline: Ongoing since February 2026
Original Article Summary
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing. The end goal is a
Exploitation Status
RustDuck is confirmed to be in active use by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.