RustDuck botnet rapidly evolves with migration to Rust

As reported by Security Affairs, QiAnXin XLab researchers are tracking a rapidly evolving botnet named RustDuck, which is transitioning from C to Rust and exhibiting increasingly sophisticated evasion and encryption techniques.

RustDuck targets a variety of IoT devices, including routers, cameras, and Android set-top boxes, as well as exposed servers running software like ThinkPHP and Jenkins. It exploits a range of known vulnerabilities, from recent ones to older flaws such as CVE-2017-17215. The malware employs advanced anti-analysis measures, including a dynamic weight scoring system to detect sandboxed environments and debuggers. Its communication with command-and-control servers uses strong encryption such as ChaCha20-Poly1305 and AES-GCM, with keys rotating frequently.

The botnet's migration to Rust makes its binaries harder to analyze using traditional tools. While currently not the largest botnet, its swift technological advancement and adaptability warrant significant attention from security professionals.

Source: Security Affairs
