KadNap DHT Botnet Turns 14k Edge Devices into Stealth Proxies; ClipXDaemon Hijacks Linux Wallet Addresses

Security researchers uncovered KadNap, a new malware strain targeting Asus routers and other edge devices. It forms a decentralized, Kademlia DHT-based proxy botnet with over 14,000 infected hosts (the majority in the U.S.). It uses a shell script downloaded from a C2 at 212.104.141.140 to install persistence, fetch a kad ELF, and join a peer-to-peer network that hides C2 traffic and feeds a Doppelgänger proxy service. The operators tier targets, close SSH (port 22), and collect host time and uptime to build peer hashes for network coordination. The same report also details ClipXDaemon, a memory-only Linux clipboard hijacker that replaces copied cryptocurrency wallet addresses in real time for multiple coins; it has no C2 or beaconing and is designed to avoid Wayland sessions.
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet (The Hacker News)
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network (BleepingComputer)
- Asus routers hijacked to power dangerous cybercrime proxy network - here's what we know (TechRadar)
- 14,000 routers are infected by malware that’s highly resistant to takedowns (Ars Technica)
- KadNap bot compromises 14,000+ devices to route malicious traffic (Security Affairs)