Bottom line: RustDuck is an emerging botnet that abuses poorly secured network devices for organized DDoS campaigns and continuously evolves.
A new malware family called RustDuck compromises unsecured routers, IP cameras and servers to integrate them into a botnet for distributed denial-of-service attacks. QiAnXin researchers have been observing the activity since February 2026 and warn of the malware’s rapid evolution.
The RustDuck malware family uses a two-stage infection model to incorporate various device types into its network: home routers, IP cameras, Android boxes and poorly configured servers. The infected hardware is then abused to conduct distributed denial-of-service attacks against websites and online services.
Researchers at QiAnXin’s XLab have been monitoring RustDuck since February 2026. Their threat analysis shows that the problem is not only the current size of the botnet but, above all, the speed at which the malware is evolving.
For CISOs, this means increased risk from unencrypted or default-configured network devices. RustDuck’s continuous adaptation complicates preventive measures, which makes consistent infrastructure hardening and active anomaly detection priority controls. Particular attention should be paid to poorly protected IoT and network-edge devices, as these are frequent targets for botnet malware.
Source: thehackernews.com · Published 30 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.2.