Thousands of Asus routers have been compromised by a sophisticated malware, dubbed KadNap, capable of enlisting devices into a botnet for criminal operations. Researchers estimate over 14,000 devices have been infected since August 2025.
KadNap exploits unpatched vulnerabilities, turning infected routers into proxy servers to hide malicious traffic. This botnet is designed for scalability and resistance to takedowns, with approximately 60% of affected devices located in the U.S.
To check if your router is infected, compare your device log's IP address and file hash against indicators of compromise. A factory reset is required for removal, as a simple reboot will not eliminate the malware. Network security best practices, including updating firmware, changing default passwords, and disabling remote access, are crucial for prevention.