RustDuck DDoS botnet activity targeting routers and servers
Malware Activity
Summary
The RustDuck malware family is hijacking routers, cameras, Android boxes, and servers to assemble a DDoS botnet that can flood targets and knock websites and online services offline. Tracked since February 2026, it is spreading through weak passwords, exposed device interfaces, and multiple old vulnerabilities. Newer samples are being rewritten from C to Rust and add anti-analysis checks plus encrypted command traffic, making the botnet harder to study and shut down.
Related Happenings
C0XMO Gafgyt botnet activity on DD-WRT routers
Malware Activity
H score: 19
First: 07.06.2026 17:17
Last: 07.06.2026 17:17
Sources: 1
About this happening:
The **C0XMO** botnet is spreading through **DD-WRT router firmware** and other internet-facing devices, increasing the pool of systems available for **DDoS** attacks. It exploits...
Xlabs_v1 Mirai-derived ADB DDoS botnet
Malware Activity
H score: 22
First: 06.05.2026 23:21
Last: 06.05.2026 23:21
Sources: 1
About this happening:
The **xlabs_v1** Mirai-derived botnet has been exposed as a **DDoS** tool that abuses **Android Debug Bridge (ADB)** on internet-facing devices, expanding risk to **Android**, rou...
TBK DVR command injection flaw actively exploited (CVE-2024-3721)
Vulnerability
H score: 1
First: 20.04.2026 16:01
Last: 20.04.2026 16:01
Sources: 1
About this happening:
The **CVE-2024-3721** command injection flaw in **TBK DVR systems** is being actively exploited to gain access and install **Nexcorium** malware. Attackers abuse **crafted request...
Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown
Law Enforcement
H score: 20
First: 20.03.2026 10:05
Last: 20.03.2026 10:05
Sources: 1
About this happening:
The **U.S. Department of Justice** announced the arrest of **Jacob Butler (aka Dort)**, a **23-year-old** in **Ottawa, Canada**, for allegedly developing and operating the **Kimwo...
SocksEscort criminal proxy-service ecosystem monetizing residential routers
Threat Actor Meta
H score: 36
First: 13.03.2026 07:26
Last: 13.03.2026 07:26
Sources: 1
About this happening:
The **SocksEscort** proxy-service ecosystem turned compromised residential routers into a rentable abuse platform, letting criminal customers hide behind **369,000 IP addresses**...
Timeline
- 30.06.2026 20:45 · 2 articles · 4h ago
RustDuck botnet hijacks routers and servers for DDoS
Initial Disclosure: RustDuck is a new two-stage malware family that hijacks home routers, IP cameras, Android boxes, and poorly secured servers to build a DDoS botnet, while newer samples are rewritten from C to Rust and hardened with anti-analysis checks, encrypted command traffic, and dynamic-DNS control infrastructure. The malware spreads through weak or default passwords, exposed Android Debug Bridge interfaces, and old flaws in devices and server software, and its operators can start or stop attacks, report status, switch control servers, or upgrade the malware to a newer build.
Sources:
- RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS — thehackernews.com — 30.06.2026 20:45
- RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS — thehackernews.com — 30.06.2026 20:45