KadNap Malware Turning Asus Routers Into Botnets

March 11, 2026, 10:05 a.m.

Description

A sophisticated new malware called KadNap has been discovered targeting Asus routers and conscripting them into a botnet for proxying malicious traffic. The malware employs a custom version of the Kademlia Distributed Hash Table protocol to conceal its command-and-control infrastructure within a peer-to-peer system, evading traditional network monitoring. The botnet, which has grown to over 14,000 infected devices, is marketed by a proxy service called Doppelganger, tailored for criminal activity. More than 60% of KadNap's victims are based in the United States. The malware demonstrates versatility by targeting various edge networking devices and employing different C2 servers for different victim types.

External References

https://blog.lumen.com/silence-of-the-hops-the-kadnap-botnet
https://otx.alienvault.com/pulse/69b13da0db907023c1bfc480
Tags
botnet
proxy service
iot devices
2026-03-11
kademlia dht
kadnap

Date

  • Created: March 11, 2026, 10:02 a.m.
  • Published: March 11, 2026, 10:02 a.m.
  • Modified: March 11, 2026, 10:05 a.m.

Indicators

  • ebf9de6b67e94b2bd2b0dcda1941e04fef1a1dad830404813e468ab8744b7ed8
  • 0b3dbb951de7a216dd5032d783ba7d0a5ecda2bf872643c3a4ddd1667fb38ffe
  • 212.104.141.140
  • 91.193.19.226
  • 79.141.161.152
  • 45.135.180.38
  • 154.7.253.12
  • 89.46.38.74
  • 45.135.180.177
  • 212.104.141.88
  • 85.158.111.100
Download all indicators here!

Attack Patterns

  • TheMoon
  • KadNap

Additional Informations

  • Taiwan
  • Hong Kong
  • United States of America
  • Russian Federation