🟠 High  |  Source: The Hacker News


RustDuck is a rapidly evolving two-stage botnet, written in Rust, that compromises home routers, IP cameras, Android boxes, and exposed servers to form a DDoS-for-hire network. Tracked by QiAnXin XLab since February 2026, its most concerning trait is the speed at which it is being updated and rewritten, suggesting active, well-resourced development. The use of Rust makes detection and reverse engineering harder, raising the threat level compared to older C-based botnets.

Security Architect’s Take: Audit internet-facing infrastructure — particularly any self-hosted servers, IoT-adjacent devices, or cloud instances with weak SSH credentials or unpatched services — and ensure outbound DDoS amplification traffic is blocked at the network perimeter. Cloud-hosted workloads should have egress filtering rules in place and anomalous outbound traffic alerts configured in your SIEM.

Original advisory: RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS