RustDuck Botnet Rebuilds in Rust for DDoS Attacks

A new malware family named RustDuck, written in the Rust programming language, is actively hijacking internet-connected devices to build a botnet for distributed denial-of-service (DDoS) attacks. Researchers at QiAnXin's XLab have been tracking this evolving threat since February 2026. The malware employs a two-stage infection process, targeting a variety of devices including home routers, IP cameras, Android boxes, and inadequately secured servers.

The primary objective of the RustDuck botnet is to disrupt online services by overwhelming them with traffic. While the current scale of the botnet is not explicitly detailed, the rapid pace of its development and adaptation is highlighted as a significant concern by the researchers. The use of Rust, a modern systems programming language known for its performance and memory safety, suggests a sophisticated approach by the malware's creators, potentially making it more resilient and harder to detect than botnets written in older languages.

QiAnXin's XLab noted that the malware's architecture allows for swift modifications, enabling it to evade existing security measures and adapt to new vulnerabilities. This continuous evolution is a key characteristic that distinguishes RustDuck from many other botnets. The researchers have not yet disclosed specific technical details about the botnet's command-and-control infrastructure or the exact methods used for device exploitation, but the ongoing monitoring indicates a persistent and growing threat to internet stability and the availability of online services.