KadNap Malware Campaign Targets Asus Router Infrastructure
Security researchers at Black Lotus Labs discovered a new malware strain called KadNap that's systematically compromising Asus routers to build a proxy botnet. The campaign began in August 2025 and has steadily expanded its reach over the past seven months.
The malware transforms infected routers into proxy nodes that route malicious traffic, effectively turning home and business networks into unwitting accomplices in cybercriminal operations. Attackers leverage the compromised devices to mask their true locations and evade detection systems.
14,000 Asus Routers Compromised Across Global Networks
The botnet has infected more than 14,000 Asus router devices worldwide, with the United States bearing the brunt of the attack. Over 60% of compromised devices are located within U.S. networks, making American home and business users the primary targets.
The remaining 40% of infections span international networks, though specific regional breakdowns weren't disclosed in the research findings. All affected devices appear to be Asus-branded routers, suggesting the malware exploits vendor-specific vulnerabilities or configuration weaknesses.
Router Owners Must Check for Compromise and Apply Patches
Asus router administrators should immediately check their devices for signs of compromise and ensure firmware is updated to the latest version. The CISA Known Exploited Vulnerabilities catalog provides guidance on identifying compromised network infrastructure.
Network monitoring tools can detect unusual proxy traffic patterns that indicate KadNap infection. Organizations should also review their security update processes to prevent similar router-based attacks from succeeding in the future.
