As reported by Security Affairs, QiAnXin XLab researchers are tracking a rapidly evolving botnet named RustDuck, which is transitioning from C to Rust and exhibiting increasingly sophisticated evasion and encryption techniques.

RustDuck targets a variety of IoT devices, including routers, cameras, and Android set-top boxes, as well as exposed servers running software like ThinkPHP and Jenkins. It exploits a range of known vulnerabilities, from recent to older ones like CVE-2017-17215. The malware employs advanced anti-analysis measures, including a dynamic weight scoring system to detect sandboxed environments and debuggers. Its communication with command-and-control servers utilizes strong encryption like ChaCha20-Poly1305 and AES-GCM, with keys rotating frequently.

The botnet's migration to Rust makes its binaries harder to analyze using traditional tools. While currently not the largest botnet, its swift technological advancement and adaptability warrant significant attention from security professionals.

Source: Security Affairs




