The renowned open-source remote access utility, RustDesk, was besieged in late January 2026 by an automated campaign orchestrated by a sprawling botnet. This offensive does not exploit inherent software vulnerabilities; rather, it relies upon a deluge of automated connection solicitations designed to deceive users into granting unauthorized access.
Affected individuals are confronted with a connection request originating from a client designated as “Go Client.” The interface presents the user with a choice to either “Accept” or “Reject”; should one inadvertently authorize the request, the device falls under the immediate dominion of the botnet.
Once a foothold is established, the botnet executes scripted commands to deploy additional malware and to establish persistence on the compromised host. Because the automated scanning operates at such scale, the probability that a user accidentally approves one of these connections is markedly elevated.
The hallmarks of this campaign include:
- Arbitrary Solicitation: Connection requests from “Go Client” emanating from a myriad of disparate IP addresses and identifiers.
- Automated Reconnaissance: The utilization of mechanical scripts to traverse the internet, identifying active RustDesk IDs to initiate contact.
- Non-Targeted Incursion: Opportunistic access attempts that bypass the necessity of a pre-shared password by relying solely on user consent.
To fortify defenses against such incursions, the development collective advocates the following measures:
- Absolute Vigilance: Categorically refrain from sanctioning any connection requests from unfamiliar or suspicious origins.
- Credential Mandates: Navigate to the security settings and change the accept mode so that an incoming connection requires a password, thereby rendering a simple click on “Accept” insufficient for access.
- Cryptographic Rigor: Establish a complex, high-entropy password and mandate its verification for every session.
- Sovereign Hosting: Transition to a self-hosted RustDesk infrastructure while meticulously shielding the server’s IP address and public keys from public exposure.
- Advanced Access Control: Adopt the Professional (Self-Hosted) edition to leverage sophisticated Access Control Lists (ACLs) for heightened systemic protection.
- Multi-Factor Authentication: Enable Two-Factor Authentication (2FA) or implement IP Whitelisting to restrict access exclusively to verified and trusted network addresses.
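The measures above map directly onto a handful of client settings: the approve mode, the connection password, the IP whitelist and the self-hosted server entries. The following script is an added example, not code from RustDesk or from the article, that audits a client configuration for the weak settings the campaign relies on (accept-by-click, an empty whitelist, no self-hosted server). The two configuration fragments are constructed, modelled on the `[options]` table of the client's `RustDesk2.toml`; the key names `approve-mode`, `whitelist` and `custom-rendezvous-server`, and the CIDR-aware whitelist check, are assumptions of this example and should be verified against the client version in use.

```python
"""Hypothetical audit of a RustDesk-style client configuration (added example).

Reads the [options] table of a RustDesk2.toml-like file and reports the
settings that leave a client one accidental click away from a hostile session.
"""
import ipaddress
import re

# Constructed configuration fragments. Key names are assumptions modelled on
# the client's [options] table, not copied from the page or the project docs.
WEAK_CONFIG = """
[options]
approve-mode = "click"
whitelist = ""
"""

HARDENED_CONFIG = """
[options]
approve-mode = "password"
whitelist = "203.0.113.10,198.51.100.0/24"
custom-rendezvous-server = "rendezvous.example.internal"
key = "<self-hosted-server-public-key-placeholder>"
"""

# Matches one `key = "value"` line; only string values are handled here.
_KV = re.compile(r'^\s*([A-Za-z0-9_-]+)\s*=\s*"([^"]*)"\s*$')


def parse_options(text):
    """Return the key/value pairs of the [options] table as a dict.

    Minimal parser for this example: string values only, [options] table only.
    """
    opts, in_options = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_options = stripped == "[options]"
            continue
        match = _KV.match(line)
        if in_options and match:
            opts[match.group(1)] = match.group(2)
    return opts


def parse_whitelist(value):
    """Split the comma-separated whitelist into ip_network objects.

    Single addresses become /32 (or /128) networks. Accepting CIDR ranges is
    this script's assumption, not a documented RustDesk feature.
    """
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def ip_allowed(ip, whitelist_value):
    """True when ip is covered by the whitelist; an empty whitelist allows everyone."""
    nets = parse_whitelist(whitelist_value)
    if not nets:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def audit(text):
    """Return a list of findings; an empty list means no weak setting was found."""
    opts = parse_options(text)
    findings = []

    mode = opts.get("approve-mode", "<unset: client default>")
    if mode != "password":
        findings.append(
            f"approve-mode={mode!r}: a click on Accept grants access; require a password"
        )
    if not parse_whitelist(opts.get("whitelist", "")):
        findings.append("whitelist is empty: any source address may request a session")
    if not opts.get("custom-rendezvous-server"):
        findings.append("no self-hosted rendezvous server configured: public servers in use")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit(cfg) or ["no findings"]:
            print(" -", finding)
```

Run it against the client's real configuration file by replacing the constructed fragments with the file contents; a non-empty findings list is the signal to change the accept mode, populate the whitelist, or move to a self-hosted server as the list above recommends.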