KadNap botnet turns ASUS routers into residential proxies
Malware Activity
Summary
The KadNap botnet is now compromising ASUS routers and other edge networking devices, turning them into residential proxies that can hide malicious traffic. The network has reached 14,000 devices since August 2025, expanding the pool of infrastructure available for abuse. Its custom Kademlia DHT design makes the control plane harder to identify and disrupt.
Related Happenings
Fast16 Lua-based network worm
Malware Activity
First: 27.04.2026 16:09
Last: 27.04.2026 16:09
Sources 1
About this happening:
Researchers identified **fast16**, a previously undocumented **Lua-based network worm** that can silently corrupt high-precision calculations and threaten legacy scientific and en...
China-nexus hijacked-device proxy network campaign
Campaign
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Nexcorium Mirai botnet activity on TBK DVR devices
Malware Activity
First: 18.04.2026 09:01
Last: 18.04.2026 09:01
Sources 1
About this happening:
**Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...
Operation Lightning takedown of SocksEscort proxy service
Law Enforcement
First: 13.03.2026 12:00
Last: 13.03.2026 12:00
Sources 1
About this happening:
International law enforcement partners **dismantled** the **SocksEscort** proxy service in **Operation Lightning**, disrupting a cybercrime network used to hide originating IP add...
Timeline
10.03.2026 17:01 · 1 article
KadNap botnet turns ASUS routers into residential proxies
Initial Disclosure
The initial phase starts when a targeted device downloads **aic.sh** from **212.104.141[.]140** and runs the **kad** ELF payload. The malware then sets persistence with a cron job that repeats every **55 minutes**.
Sources
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network — www.bleepingcomputer.com — 10.03.2026 17:01