
KadNap Asus router proxy botnet

Malware Activity
Happening score: 16
1 unique source, 1 article

Summary


KadNap is a proxy botnet that compromises Asus routers and other edge devices, creating a stealth channel for malicious traffic from over 14,000 infected devices. First detected in August 2025, it uses a custom Kademlia DHT to conceal infrastructure and resist disruption. Infection relies on aic.sh, a cron-based persistence chain, and a malicious payload that runs on ARM and MIPS devices.

Related Happenings

Showboat / kworker Linux post-exploitation malware activity

Malware Activity
First: 21.05.2026 17:00 Last: 21.05.2026 17:00 Sources 1

About this happening: Researchers tied **Showboat** / **kworker** to a stealthy **Linux post-exploitation framework** being reused across multiple Chinese threat clusters, raising concern that a shared...

Operation Lightning takedown of SocksEscort proxy service

Law Enforcement
First: 13.03.2026 12:00 Last: 13.03.2026 12:00 Sources 1

About this happening: International law enforcement partners **dismantled** the **SocksEscort** proxy service in **Operation Lightning**, disrupting a cybercrime network used to hide originating IP add...

AVRecon malware for Linux powering SocksEscort proxy network

Malware Activity
First: 12.03.2026 18:19 Last: 12.03.2026 18:19 Sources 1

About this happening: The **AVRecon** malware for Linux powered the **SocksEscort** proxy network, turning compromised **Linux-based SOHO routers** into traffic-routing nodes at scale. It was believed...

DOJ and Europol takedown of SocksEscort proxy network

Law Enforcement
First: 12.03.2026 18:19 Last: 12.03.2026 18:19 Sources 1

About this happening: U.S. and European law enforcement **took down** **SocksEscort**, a long-running cybercrime proxy network that routed traffic through compromised edge devices. The action **seized...

KadNap botnet turns ASUS routers into residential proxies

Malware Activity
First: 10.03.2026 17:01 Last: 10.03.2026 17:01 Sources 1

About this happening: The **KadNap** botnet is now compromising **ASUS routers** and other edge networking devices, turning them into **residential proxies** that can hide malicious traffic. The networ...

Timeline

  1. 10.03.2026 18:00 2 articles · 2mo ago

    KadNap proxy botnet disclosure

    Initial Disclosure

    Lumen/Black Lotus Labs disclosed KadNap as a new malware family targeting Asus routers and other edge devices to build a stealth proxy botnet, with more than 14,000 infected devices and over 60% of victims in the U.S. The malware uses a custom Kademlia DHT to conceal command-and-control infrastructure, relies on aic.sh and cron-based persistence to rename and run .asusrouter and kad, can target ARM and MIPS devices, and is linked to Doppelgänger, a proxy service assessed as a rebrand of Faceless.
