14,000 routers hijacked by KadNap malware to power a hidden proxy botnet

Headline:
“KadNap Malware Unleashes 14,000 Asus Routers into Cybercrime Proxy Network — Here’s How It Happened”

Byline:
Tech Security Desk | April 2025

Story:

In a chilling revelation that underscores the growing sophistication of cybercriminal operations, security researchers have uncovered a sprawling malware campaign that has silently compromised over 14,000 routers and network devices worldwide. The vast majority of these infected devices are Asus routers, which have been hijacked and transformed into a powerful distributed proxy network used to route internet traffic for illicit activities.

The malware, dubbed KadNap by researchers at Black Lotus Labs, the elite research division of Lumen Technologies, represents a significant escalation in the use of consumer-grade hardware for large-scale cybercrime. According to Chris Formosa, a senior researcher at Black Lotus Labs who spoke exclusively with Ars Technica, KadNap spreads by exploiting unpatched vulnerabilities in routers and network devices. The sheer scale of the Asus router infections appears to be linked to the attackers’ ability to obtain and weaponize reliable exploits that specifically target those models.

How KadNap Works

KadNap operates by infiltrating routers and network devices, often through known vulnerabilities that device owners have neglected to patch. Once inside, the malware installs a lightweight proxy service that allows the attackers to route their internet traffic through the compromised device. This effectively masks the true origin of the traffic, making it appear as though it is coming from the victim’s location rather than the cybercriminal’s.

The proxy network created by KadNap is not just a tool for anonymity; it is a full-fledged infrastructure for cybercrime. Researchers believe the network is being used to carry out a variety of malicious activities, including data theft, credential harvesting, distributed denial-of-service (DDoS) attacks, and even the distribution of malware. By leveraging thousands of compromised devices, the attackers can scale their operations while remaining hidden behind a veil of legitimate internet traffic.

The Asus Connection

The high concentration of Asus routers in the infected network is particularly concerning. Asus is a well-known and widely used brand in the consumer and small business markets, known for its reliable and feature-rich networking hardware. However, this popularity has made it a prime target for cybercriminals. The attackers behind KadNap appear to have obtained zero-day or unpatched exploits that specifically affect certain Asus router models, allowing them to compromise devices at scale.

Formosa noted that the attackers’ success with Asus routers highlights a critical issue in cybersecurity: the failure of many users to apply firmware updates and security patches. Many of the infected devices were likely running outdated firmware, leaving them vulnerable to known exploits. This underscores the importance of regular maintenance and vigilance in securing network devices.

The Broader Implications

The discovery of KadNap is a stark reminder of the evolving threat landscape in cybersecurity. As more devices become connected to the internet, the attack surface for cybercriminals continues to expand. Routers and network devices, often overlooked in terms of security, have become prime targets for malware operators. Unlike personal computers or smartphones, routers are typically left untouched for years, making them ideal candidates for long-term compromise.

The use of compromised routers as proxies also raises serious privacy and legal concerns. Victims of KadNap may find themselves unwittingly implicated in cybercrime, as their IP addresses are used to carry out malicious activities. This could lead to false accusations, legal troubles, or even the suspension of internet service by ISPs.

What Can You Do?

For consumers and businesses alike, the KadNap campaign serves as a wake-up call. Here are some steps you can take to protect your network:

  1. Update Firmware Regularly: Check for and install firmware updates for your router and network devices. Manufacturers often release patches to address known vulnerabilities.

  2. Change Default Credentials: Always change the default username and password on your router. Weak or default credentials are a common entry point for attackers.

  3. Enable Automatic Updates: If your router supports it, enable automatic updates to ensure you’re always running the latest, most secure firmware.

  4. Monitor Network Activity: Keep an eye on your network for unusual activity, such as unexpected bandwidth usage or unfamiliar devices connected to your network.

  5. Consider Professional Help: If you’re unsure about your network’s security, consider consulting a cybersecurity professional to assess and secure your setup.
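Step 4 is the one a home or small-business user can act on today with what the router already exposes. As an added illustration (this script is not part of the article and is not Black Lotus Labs tooling), the following Python compares the router's DHCP lease table against a baseline of known devices and looks for a client whose upload volume dwarfs the rest, which is the kind of signal a device relaying someone else's traffic would produce. All inputs are constructed: the lease lines follow the dnsmasq lease-file layout (expiry, MAC, IP, hostname, client-id), the byte counters stand in for a router's per-client traffic statistics page, and the allowlist of known MACs is assumed to be something the owner records while the network is healthy.

```python
"""Flag unfamiliar LAN devices and upload-volume outliers.

Added example, not code from the article or from Black Lotus Labs.
Inputs are constructed: a DHCP lease table in dnsmasq lease-file layout
and per-device upload counters as a router's traffic page might export.
"""
from dataclasses import dataclass
from statistics import median

# Baseline the owner records when the network is known-good (assumption).
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": "laptop",
    "aa:bb:cc:00:00:02": "phone",
    "aa:bb:cc:00:00:03": "printer",
}

# Constructed lease table: <expiry> <mac> <ip> <hostname> <client-id>
LEASES = """\
1745000000 aa:bb:cc:00:00:01 192.168.1.10 laptop 01:aa:bb:cc:00:00:01
1745000100 aa:bb:cc:00:00:02 192.168.1.11 phone *
1745000200 aa:bb:cc:00:00:03 192.168.1.12 printer *
1745000300 de:ad:be:ef:00:09 192.168.1.57 * *
"""

# Constructed per-client upload counters (bytes sent upstream, last hour).
UPLOAD_BYTES = {
    "192.168.1.10": 40_000_000,
    "192.168.1.11": 12_000_000,
    "192.168.1.12": 150_000,
    "192.168.1.57": 9_800_000_000,
}


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str


def parse_leases(text):
    """Parse dnsmasq-style lease lines; malformed lines are skipped."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        leases.append(Lease(mac=parts[1].lower(), ip=parts[2], hostname=parts[3]))
    return leases


def unknown_devices(leases, known=KNOWN_DEVICES):
    """Leases whose MAC is not in the owner's baseline."""
    return [lease for lease in leases if lease.mac not in known]


def upload_outliers(counters, factor=20, floor_bytes=100_000_000):
    """IPs whose upload exceeds `factor` x the median of all other clients.

    `floor_bytes` keeps a quiet network from flagging ordinary use: a device
    must move at least that much before it can be called an outlier.
    """
    flagged = []
    for ip, sent in counters.items():
        others = [v for k, v in counters.items() if k != ip]
        if not others:
            continue
        threshold = max(floor_bytes, factor * median(others))
        if sent > threshold:
            flagged.append(ip)
    return sorted(flagged)


def report(lease_text, counters):
    """Combine both checks; a device that trips both is the strongest signal."""
    leases = parse_leases(lease_text)
    unknown = unknown_devices(leases)
    outliers = upload_outliers(counters)
    unknown_ips = {lease.ip for lease in unknown}
    return {
        "unknown_macs": [lease.mac for lease in unknown],
        "upload_outliers": outliers,
        "unknown_and_outlier": [ip for ip in outliers if ip in unknown_ips],
    }


if __name__ == "__main__":
    for key, value in report(LEASES, UPLOAD_BYTES).items():
        print(f"{key}: {value}")
```

One caveat worth keeping in mind: the article describes the proxy service running on the router itself, and traffic the router originates on the attacker's behalf may never appear in the router's own per-client counters. This kind of check catches a new device or an unusually chatty client on the LAN; it does not replace the firmware update and credential steps above, which address the router as the thing that was compromised.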

The Road Ahead

The KadNap malware operation is a sobering example of how cybercriminals are exploiting the growing complexity of our digital lives. As the number of connected devices continues to rise, so too does the potential for large-scale compromise. The discovery of KadNap should serve as a call to action for manufacturers, consumers, and policymakers to prioritize cybersecurity and work together to build a safer digital future.

For now, the fight against KadNap and similar threats continues. Researchers at Black Lotus Labs are working to identify and mitigate the spread of the malware, but the scale of the operation suggests that this is just one battle in a much larger war against cybercrime. As always, vigilance, education, and proactive security measures remain our best defense.
