360/69 Thursday, July 2, 2026

Security researchers have disclosed the discovery of a new malware family named RustDuck, a botnet that targets internet-exposed devices such as routers, IP cameras, Android boxes, and servers with weak security configurations. The compromised devices are used as part of a network for Distributed Denial-of-Service (DDoS) attacks. Activity associated with this malware family has been tracked since February 2026.
RustDuck spreads through multiple methods, including brute-forcing Telnet and SSH services that use weak or default passwords, exploiting vulnerabilities in IoT devices and routers, and targeting vulnerabilities in server-side software such as ThinkPHP, Jenkins, and Hadoop YARN. Researchers also observed the use of several older vulnerabilities, including CVE-2017-17215, CVE-2025-29635, CVE-2024-1781, and CVE-2018-8007, to attack devices and systems that have not been patched.
RustDuck has two main components: a loader that decrypts and loads the main module, and a core module that receives commands from the command-and-control server. Researchers found that newer versions of the main module are being redeveloped from C to Rust, while adding analysis-evasion techniques such as detecting malware analysis tools, debuggers, sandboxes, honeypots, and virtual machines. The malware also encrypts its communication with the command-and-control server.
Administrators should disable unnecessary Telnet, SSH, and Android Debug Bridge services, avoid exposing management interfaces to the internet, change default passwords, update devices that still receive security patches, and consider replacing end-of-life devices to reduce risk.
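One way to check a Linux-based device for the services named in that advice, as an added example that is not from the source article: it parses `ss -H -tln` output and reports Telnet, SSH, and Android Debug Bridge listeners bound to anything other than loopback. The port numbers are the services' usual defaults (an assumption, since deployments can move them), and the sample input is constructed.

```python
import ipaddress

# Default ports for the services the advice names (assumption: not remapped).
WATCHED = {23: "telnet", 22: "ssh", 5555: "adb"}

# Constructed sample of `ss -H -tln` output, not captured from a real device.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5555 0.0.0.0:*
LISTEN 0 10 *:23 *:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 4 [::1]:22 [::]:*
LISTEN 0 16 192.168.1.1%br0:5555 0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop an optional %interface scope, then IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)

def is_loopback(addr):
    if addr == "*":          # wildcard bind: listens on every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def exposed_listeners(ss_output):
    """Return (service, address, port) for watched ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        try:
            addr, port = split_local(cols[3])
        except ValueError:   # non-numeric port or unparsable column
            continue
        if port in WATCHED and not is_loopback(addr):
            findings.append((WATCHED[port], addr, port))
    return findings

if __name__ == "__main__":
    for service, addr, port in exposed_listeners(SAMPLE):
        print(f"review: {service} listening on {addr}:{port}")
```

A finding here means the service is bound to a non-loopback address, not that it is reachable from the internet; firewall rules and port forwarding still need to be checked separately.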
Source: https://thehackernews.com/2026/06/rustduck-botnet-rebuilds-in-rust-to.html
