Ethical Hacking News
The KadNap botnet, a decentralized malware threat, has infected over 14,000 ASUS routers across various countries, with significant implications for cybersecurity experts and organizations worldwide. This article provides a detailed overview of the KadNap botnet, its methods, and the potential risks it poses to global cybersecurity.
The KadNap botnet has infected over 14,000 ASUS routers across various countries. The malware is believed to have originated in August 2025 and continues to spread globally. The KadNap botnet employs a custom version of the Kademlia Distributed Hash Table (DHT) protocol for decentralized command-and-control. The malware spreads through a malicious script that sets up persistence through scheduled tasks. The KadNap botnet uses a weak custom implementation of the Kademlia network, allowing attackers to maintain control. The malware has several malicious payloads, including one that stores command-and-control addresses and collects device information.
The world of cybersecurity has been dealt a significant blow with the discovery of the KadNap botnet, a decentralized malware threat that has managed to infect over 14,000 ASUS routers across various countries. This malicious network has been designed to route malicious traffic and has garnered significant attention from security experts due to its unique approach to exploiting vulnerable devices.
The KadNap botnet is believed to have originated in August 2025, with researchers identifying over 10,000 ASUS routers communicating with suspicious servers at the time. Since then, the malware has continued to spread across various countries, including the United States, Taiwan, Hong Kong, the U.K., Brazil, France, Italy, and Spain.
According to recent reports, the KadNap botnet employs a custom version of the Kademlia Distributed Hash Table (DHT) protocol to conceal its command-and-control servers. Because there is no fixed server address to block, this decentralized approach makes it significantly more difficult for defenders to detect the malware and to disrupt it. Researchers have noted that infected devices use the DHT protocol to locate and connect to a command-and-control server while hiding that server's real IP address.
The KadNap malware is believed to spread through a malicious script that is downloaded and installed on infected devices; the script sets up persistence through scheduled tasks and executes a malicious binary. The scheduled tasks allow the malware to keep running after the initial infection stage, rather than terminating once the script has run.
One of the most striking aspects of the KadNap botnet is its weak custom implementation of the Kademlia network. Instead of dynamically discovering and contacting different peers, as a genuine Kademlia node would, infected devices always contact the same two intermediary nodes before connecting to the command-and-control servers. This lets the attackers keep persistent nodes in the network and retain control over it.
The KadNap malware has been identified as carrying several malicious payloads. One stores command-and-control addresses, allowing the bot to contact remote servers, receive instructions, and execute files. Another collects the device's external IP address and synchronizes time using public NTP servers; these values are then used to generate hashes and join a peer-to-peer network based on the Kademlia protocol.
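The static peering described above is also a detection opportunity: a genuine Kademlia node talks to many changing peers, whereas a KadNap bot keeps returning to the same two intermediaries. The following is an added example, not code from the article or from the researchers it cites; it runs a simple heuristic over constructed flow records (documentation-range addresses, not real KadNap infrastructure) and flags routers whose outbound peer traffic concentrates on a tiny fixed peer set, then reports peers shared by several flagged routers.

```python
from collections import defaultdict

# Constructed sample flow records: (source router, destination peer, connection count)
# observed in one collection window. Addresses are from documentation ranges.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.7", 120),  # two routers, same two peers, high volume
    ("192.0.2.10", "198.51.100.9", 118),
    ("192.0.2.11", "198.51.100.7", 95),
    ("192.0.2.11", "198.51.100.9", 101),
    ("192.0.2.20", "203.0.113.5", 30),    # a router with diverse, changing peers
    ("192.0.2.20", "203.0.113.6", 25),
    ("192.0.2.20", "203.0.113.7", 28),
    ("192.0.2.20", "203.0.113.8", 22),
    ("192.0.2.20", "203.0.113.9", 19),
    ("192.0.2.30", "203.0.113.40", 4),    # a single low-volume contact, not enough to flag
]


def peer_profile(flows):
    """Group outbound connections per source: distinct peers and total count."""
    profile = defaultdict(lambda: {"peers": set(), "total": 0})
    for src, dst, count in flows:
        profile[src]["peers"].add(dst)
        profile[src]["total"] += count
    return profile


def flag_static_peering(flows, max_peers=2, min_connections=50):
    """Return {source: [peers]} for sources that repeatedly contact only a
    tiny fixed set of peers; thresholds are assumptions, tune per network."""
    suspicious = {}
    for src, p in peer_profile(flows).items():
        if len(p["peers"]) <= max_peers and p["total"] >= min_connections:
            suspicious[src] = sorted(p["peers"])
    return suspicious


def shared_intermediaries(flows, min_sources=2):
    """Peers contacted by at least min_sources flagged routers: candidate
    intermediary nodes worth blocking or sinkholing."""
    seen_by = defaultdict(set)
    for src, peers in flag_static_peering(flows).items():
        for peer in peers:
            seen_by[peer].add(src)
    return sorted(p for p, srcs in seen_by.items() if len(srcs) >= min_sources)
```

Applied to the sample above, the two high-volume routers are flagged and both intermediaries are reported as shared; the router with diverse peers and the one-off contact are not.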
The KadNap botnet has significant implications for cybersecurity experts and organizations around the world. As the malware continues to spread across various devices, it is essential that users take immediate action to protect themselves against this threat. In addition, security experts are urging governments and regulatory bodies to take swift action to address the vulnerabilities that have allowed the KadNap botnet to emerge.
The discovery of the KadNap botnet serves as a stark reminder of the ongoing battle between cybersecurity experts and malicious actors. As the threat landscape continues to evolve, it is essential that users remain vigilant and take proactive steps to protect themselves against emerging threats like the KadNap malware.
In conclusion, the KadNap botnet represents a significant threat to global cybersecurity. Its decentralized approach to controlling compromised devices makes it challenging for defenders to detect and defend against. As security experts continue to monitor this threat, it is essential that users take immediate action to protect themselves against the KadNap malware.
Related Information:
https://www.ethicalhackingnews.com/articles/KadNap-Botnet-A-Decentralized-Malware-Threat-that-Exploits-ASUS-Routers-for-Malicious-Purposes-ehn.shtml
https://securityaffairs.com/189251/malware/kadnap-bot-compromises-14000-devices-to-route-malicious-traffic.html
Published: Wed Mar 11 05:30:35 2026 by llama3.2 3B Q4_K_M