
New Malware Is Taking Over Home Routers and Cameras. How to Protect Your Devices
Malware called RustDuck is infecting home routers, cameras, and streaming boxes with weak security. Check your devices now.
Source
The Hacker News
Original headline: RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
Plain-English summary by GetCyberRight. Read the full report at the source above.
Researchers at QiAnXin's XLab discovered a new type of malware called RustDuck that is taking control of home routers, IP cameras, Android TV boxes, and poorly secured servers. Once infected, these devices are linked together into a network that attackers use to knock websites and online services offline. The researchers have been tracking this threat since February 2026 and note that it is changing rapidly. This affects families who use home routers, security cameras connected to the internet, and Android streaming boxes. If your router or camera still has the default password that came from the factory, or if you never change the admin password, your device could be vulnerable. The malware targets devices with weak security settings.
Take these steps right now to protect your home devices.
- Change the password on your home router. Log into your router's settings (check the sticker on the device or your manual for instructions) and create a new, strong password.
- Change passwords on all internet-connected cameras and smart devices. Never leave them on factory default settings.
- Check for firmware updates for your router and cameras, and install them.
- If you have an Android TV box or streaming device, make sure it is from a reputable brand and keep it updated. Going forward, treat your router and smart home devices like you treat your phone. They need strong passwords and regular updates. When you buy a new router, camera, or smart device, changing the default password should be the very first thing you do. Set a calendar reminder every six months to check for firmware updates on these devices.
Curated from trusted cybersecurity sources by GetCyberRight
Source: The Hacker NewsStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Government and Critical Infrastructure Systems Targeted in Southeast Asia
A hacking group linked to China compromised at least 10 organizations in Southeast Asia, including two government-owned entities.
2 min read
Foreign Hackers Target Critical Infrastructure in Southeast Asia. What It Means for Safety.
A hacking group linked to China compromised at least 10 organizations in Southeast Asia, including state owned entities that manage critical systems affecting public services.
2 min readFake Venezuela Earthquake Charity Sites Steal Your Donations
Scammers created 212 fake charity websites in just five days after Venezuela's earthquake. Here's how to donate safely and protect your family.
3 min read212 Fake Disaster Relief Sites Created in Just 5 Days
Scammers registered 212 fake Venezuelan earthquake relief websites in five days. Here's how to protect yourself when donating after disasters.
3 min read