Cybersecurity researchers have identified KadNap, a sophisticated botnet that has infected approximately 14,000 routers and network devices, predominantly Asus models. This botnet operates as a proxy network, anonymously routing traffic used for cybercrime.
The KadNap malware exploits unpatched vulnerabilities, with a high concentration of Asus routers being affected. Researchers note the botnet's advanced peer-to-peer design, based on Kademlia, utilizes distributed hash tables to conceal command-and-control servers. This structure makes the botnet highly resistant to traditional takedown methods.
First discovered last August with 10,000 infected devices, the botnet has since grown to an average of 14,000 compromised routers daily. The majority of these infected devices are located in the United States, with smaller numbers in Taiwan, Hong Kong, and Russia. The decentralized control via peer-to-peer networking distinguishes KadNap, making detection and defense challenging for cybersecurity professionals.