KadNap Malware Turning Asus Routers Into Botnets
Essential information
- Published: 11/03/2026 10:02
- Modified: 11/03/2026 10:05
- Tags: 2026-03-11 botnet iot devices kademlia dht kadnap proxy service
- Related entities: 11 observables, 15 techniques (mitre), 2 malware, 4 others
Description
A sophisticated new malware called KadNap has been discovered targeting Asus routers and conscripting them into a botnet for proxying malicious traffic. The malware employs a custom version of the Kademlia Distributed Hash Table protocol to conceal its command-and-control infrastructure within a peer-to-peer system, evading traditional network monitoring. The botnet, which has grown to over 14,000 infected devices, is marketed by a proxy service called Doppelganger, tailored for criminal activity. More than 60% of KadNap's victims are based in the United States. The malware demonstrates versatility by targeting various edge networking devices and employing different C2 servers for different victim types.