

Ethical Hacking News

The Resilient KadNap Botnet: A Threat to Cybersecurity Stability




The KadNap botnet, a highly resilient network of infected routers, poses a significant threat to cybersecurity stability due to its sophisticated design and peer-to-peer technology. With over 14,000 compromised devices located globally, this malware exploits vulnerabilities in Asus routers that have gone unpatched, making it challenging for defenders to take down using traditional methods.



  • A sophisticated botnet dubbed KadNap has been discovered, consisting of 14,000 infected routers and other network devices.
  • The malware exploits vulnerabilities in unpatched Asus routers, making it a formidable threat to cybersecurity stability.
  • The botnet uses peer-to-peer technology based on Kademlia distributed hash tables (DHTs), which makes it resistant to takedowns and denial-of-service attacks and therefore hard for defenders to dismantle.
  • The malware locates and retrieves information through a process of polling and proximity calculation, using XOR distance as a metric.
  • The botnet's high concentration of Asus routers in specific regions makes it difficult to detect and take down using traditional methods.
  • Device owners are advised to perform factory resets, install firmware updates, use strong administrative passwords, and disable remote access to prevent infection.



    Ars Technica has recently reported on a sophisticated and highly resilient botnet, dubbed KadNap, which consists of 14,000 infected routers and other network devices. The malware, discovered by researchers at security firm Lumen's Black Lotus Labs, exploits vulnerabilities in Asus routers that have gone unpatched, making it a formidable threat to cybersecurity stability.

    In a recent article published on Ars Technica, Chris Formosa, a researcher at Black Lotus Labs, explained the design of the KadNap botnet and its use of peer-to-peer technology based on Kademlia distributed hash tables (DHTs). According to Formosa, DHTs allow any node in the network to poll other nodes for location lookups without relying on centralized servers. This decentralized structure makes the botnet resistant to takedowns and denial-of-service attacks, which is what makes it challenging for defenders to dismantle.

    The KadNap botnet obtains its key by utilizing a variant of Kademlia's peer-to-peer protocol, which allows it to locate and retrieve the desired information through a process of polling and proximity calculation. When an infected router is polled by another node, it uses XOR distance as a metric to determine the closest nodes until it finds a match.
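
    To show why a Kademlia-style lookup survives the loss of many nodes, here is an added example (not code from the malware, Black Lotus Labs or Ars Technica) that simulates a generic Kademlia lookup over a constructed network and then removes 30% of the nodes without repairing any routing tables. The 16-bit IDs, network size, bucket size and all function names are assumptions made for illustration; KadNap's own variant is not reproduced here.

```python
import random

ID_BITS = 16   # assumption: real Kademlia uses 160-bit IDs, shortened for the demo
K = 3          # assumption: contacts kept per bucket and peers tracked per lookup

def bucket_index(a: int, b: int) -> int:
    """Index of the highest bit in which two IDs differ (selects the k-bucket)."""
    return (a ^ b).bit_length() - 1

def build_network(n: int, seed: int = 1) -> dict:
    """Constructed network: node ID -> routing table with up to K peers per bucket."""
    rng = random.Random(seed)
    ids = rng.sample(range(2 ** ID_BITS), n)
    network = {}
    for nid in ids:
        buckets = {}
        for peer in (p for p in ids if p != nid):
            buckets.setdefault(bucket_index(nid, peer), []).append(peer)
        network[nid] = [p for b in buckets.values() for p in rng.sample(b, min(K, len(b)))]
    return network

def closest(ids, target: int, k: int = K) -> list:
    """The k IDs with the smallest XOR distance to the target, nearest first."""
    return sorted(set(ids), key=lambda n: n ^ target)[:k]

def lookup(network: dict, start: int, target: int) -> list:
    """Iterative lookup: keep polling the closest live peers for closer ones."""
    shortlist, queried = [start], set()
    while any(p not in queried for p in shortlist):
        for peer in [p for p in shortlist if p not in queried]:
            queried.add(peer)
            answers = [p for p in network[peer] if p in network]  # removed peers never answer
            shortlist = closest(shortlist + answers, target)
    return shortlist

def remove_nodes(network: dict, fraction: float, seed: int = 2) -> dict:
    """Model a takedown: drop a random fraction of nodes, leaving stale tables behind."""
    rng = random.Random(seed)
    gone = set(rng.sample(sorted(network), int(len(network) * fraction)))
    return {n: peers for n, peers in network.items() if n not in gone}

def success_rate(network: dict, trials: int = 200, seed: int = 3) -> float:
    """Fraction of random lookups that reach the live node truly closest to the target."""
    rng = random.Random(seed)
    live, hits = sorted(network), 0
    for _ in range(trials):
        start, target = rng.choice(live), rng.randrange(2 ** ID_BITS)
        hits += lookup(network, start, target)[0] == closest(live, target, 1)[0]
    return hits / trials
```

    Comparing `success_rate(build_network(300))` with `success_rate(remove_nodes(build_network(300), 0.3))` shows how little a partial takedown changes lookup results, which is why blocking the control infrastructure and cleaning individual devices matter more than removing individual nodes.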

    The botnet's high concentration of Asus routers, primarily located in the US, Taiwan, Hong Kong, and Russia, makes it difficult to detect and take down using traditional methods. The malware also stores a shell script that runs when an infected router reboots, ensuring that devices remain compromised if not properly disinfected.

    To combat this threat, Black Lotus Labs is distributing indicators of compromise (IOCs) to public feeds to help other parties block access to the control infrastructure. Additionally, researchers recommend that device owners perform factory resets, ensure all firmware updates have been installed, set strong administrative passwords, and disable remote access whenever possible.

    The KadNap botnet's sophisticated design and peer-to-peer technology make it a significant threat to cybersecurity stability. Its resilience against takedowns and denial of service attacks highlights the need for security researchers and organizations to stay vigilant and develop effective countermeasures to mitigate this risk.





    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Resilient-KadNap-Botnet-A-Threat-to-Cybersecurity-Stability-ehn.shtml

  • https://arstechnica.com/security/2026/03/14000-routers-are-infected-by-malware-thats-highly-resistant-to-takedowns/


  • Published: Wed Mar 11 19:14:58 2026 by llama3.2 3B Q4_K_M












