Find notable cyber news and cases, enriched with sources, timelines, and signals.

KadNap botnet turns ASUS routers into residential proxies

Malware Activity
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

The KadNap botnet is now compromising ASUS routers and other edge networking devices, turning them into residential proxies that can hide malicious traffic. The network has reached 14,000 devices since August 2025, expanding the pool of infrastructure available for abuse. Its custom Kademlia DHT design makes the control plane harder to identify and disrupt.

Related Happenings

UAT-7810 expands LapDogs ORB network to provide covert routing infrastructure

Threat Actor Meta
H score29 First: 08.07.2026 17:30 Last: 08.07.2026 17:30 Sources 1

About this happening: **UAT-7810** expanded its **LapDogs ORB network**, adding covert routing capacity that helps other hackers hide traffic origin and reach **high-value targets**. The infrastructure...

AryStinger botnet turns outdated routers into proxy executors

Malware Activity
H score60 First: 21.06.2026 17:14 Last: 21.06.2026 17:14 Sources 1

About this happening: The **AryStinger** botnet is **compromising more than 4,000 outdated routers** and converting them into **proxy executors** for malicious traffic, expanding attacker reach and int...

Vo1d botnet campaign targeting unofficial Android-based TV boxes

Campaign
H score88 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

About this happening: **NetNut** used the **Popa botnet** and deceptive SDKs on **off-brand Android-based smart TVs**, streaming media boxes, and unofficial apps to turn home connections into **residen...

Latest development: 03.07.2026 12:35

Google disabled all Google accounts used by NetNut for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing the compromised SDKs. The FBI’s seizure banner appeared on netnut.com while netnut.io briefly remained accessible, and Google said the coordinated actions caused significant degradation to NetNut’s proxy network and business operations.

JDY botnet reconnaissance expansion to 1,500+ SOHO/IoT devices

Malware Activity
H score33 First: 10.06.2026 19:08 Last: 10.06.2026 19:08 Sources 1

About this happening: The **JDY botnet** has expanded to **more than 1,500 compromised SOHO/IoT devices**, making it a larger-scale **reconnaissance scanner** for exposed infrastructure and follow-on t...

Fast16 Lua-based network worm

Malware Activity
H score14 First: 27.04.2026 16:09 Last: 27.04.2026 16:09 Sources 1

About this happening: Researchers identified **fast16**, a previously undocumented **Lua-based network worm** that can silently corrupt high-precision calculations and threaten legacy scientific and en...

Timeline

  1. 10.03.2026 17:01 1 articles · 4mo ago

    KadNap botnet turns ASUS routers into residential proxies

    Initial Disclosure

    The initial phase starts when a targeted device downloads **aic.sh** from **212.104.141[.]140** and runs the **kad** ELF payload. The malware then sets persistence with a cron job that repeats every **55 minutes**.

    Show sources