KadNap Botnet Converts ASUS Routers into a Global Residential Proxy Network

KadNap, a new botnet, hijacks ASUS routers and other edge devices to form a peer-to-peer proxy network for malicious traffic. By August 2025 it controlled about 14,000 devices. It uses a custom Kademlia DHT to locate its C2s, though two fixed nodes connect early to the C2s, which aids takedowns. Infections start by pulling aic.sh from 212.104.141.140, establish persistence via a cron job that runs every 55 minutes, and install an ELF payload named kad. The DHT design aims to decentralize control, but the two steady nodes undermine this to some extent. The botnet is linked to the Doppelganger proxy service, which rents infected devices as residential proxies for DDoS, credential stuffing, and brute-force campaigns. Lumen has blocked KadNap traffic on its network and will publish IoCs to help others disrupt the botnet.
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network (BleepingComputer)
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet (The Hacker News)
- Asus routers hijacked to power dangerous cybercrime proxy network - here's what we know (TechRadar)
- 14,000 routers are infected by malware that’s highly resistant to takedowns (Ars Technica)
- KadNap bot compromises 14,000+ devices to route malicious traffic (Security Affairs)