- Hackers took control of over 14,000 devices (predominantly Asus routers) to create a powerful botnet named KadNap.
- The KadNap botnet operates on a decentralized P2P network; as such, this botnet is very difficult to dismantle.
- The crew behind this botnet rent out access to the hijacked routers to other attackers through a service called Doppelganger. Anyone willing to pay gets the keys for all sorts of attacks and break-ins.

Criminals took over thousands of routers worldwide, building a botnet unlike any we’ve seen before. Security researchers only found this malware recently.
The botnet named KadNap is in a league of its own, a new breed of cyber weapon that’s incredibly hard to stop.
How KadNap Hijacks Routers
This malware mostly targets Asus routers sitting pretty in homes and offices. Lumen researchers recently discovered the botnet and reported their findings.
According to the report, the attackers aren’t targeting any personal or work files. They want your router’s silent power. When they take over your device, they’re adding it to an invisible network they control, the perfect cover for launching digital attacks.
How KadNap Botnet Works
The malware infects your router quietly without raising any suspicion. You might experience an occasionally sluggish connection, but that’s all. Everything else works normally. Meanwhile, criminals have secretly linked up the router with a thousand others to form a botnet.
What Makes KadNap So Dangerous
Most botnets have a weak spot, which is their central command center. When you shut this command center down, the whole operation falls apart. However, KadNap has a clever way of avoiding this. It uses peer-to-peer connections.
No single boss to arrest, no single server to seize. Each infected device communicates directly with others, so the botnet keeps running even if investigators break up parts of it.
Lumen’s report warns that more and more everyday gadgets (routers, smart home tools, etc.) are opening up new doors for attacks like this. As our homes fill up with connected devices, the risk just keeps growing.
KadNap Malware has Spread to Numerous Devices Around the World
The infected routers are everywhere, but the US has the highest number of infected devices. Then there’s the UK, Australia, Russia, Brazil, and Europe.
What’s the motivation behind this? Activity coming from your home network appears completely normal, like an everyday user simply browsing the internet. When they launch an attack using your router, it looks like a regular person surfing the internet, and even advanced security tools find it hard to tell the difference. That’s how they bypass the strongest defenses.
The Doppelganger Sales Pitch
Here’s the interesting part: the attackers aren’t hoarding their creation. Through Doppelganger, they rent out the power of their massive botnet to others. It’s cybercrime as a service.
People pay for access to these hijacked routers. They use them to launch brute-force attacks, hammering websites until they steal passwords, or run targeted hacks against specific companies or individuals.
Lumen doesn’t sugarcoat it. Every IP address linked to KadNap could be a threat. Businesses and everyday people might be targets right now and never know their own routers are being used in cyberattacks.
The scariest part? Life goes on for most victims. The router light blinks normally, and everything works. The family streams movies, plays games, and checks email without knowing what’s going on. All the while, that same little box might be helping hackers break into a bank or disrupt a government office thousands of miles away.
This invisible compromise is exactly what happened with Notepad++ users who continued updating their software normally for six months, never suspecting that the update system itself had been turned against them, a chilling reminder that the things we trust most can become the vectors for our own compromise.