Asus routers hijacked to power dangerous cybercrime proxy network - here's what we know


  • New KadNap malware infects 14,000+ routers
  • Botnet uses custom Kademlia DHT protocol for resilience
  • Proxy network Doppelgänger already active in the wild

A new malware strain has been found assimilating Asus routers into a botnet for malicious proxy traffic.

Security researchers at Black Lotus spotted the new network, named KadNap, and warned that in less than a year it has managed to infect more than 14,000 devices, mostly made by Asus.

The attackers don't seem to be targeting that manufacturer specifically, so it may be that these products are relatively easy to compromise, or that there are simply more vulnerable Asus devices exposed than competing endpoints. The majority of the victims (60%) are located in the US. The remaining 40% are split between Taiwan, Hong Kong, Russia, the UK, Australia, Brazil, France, Italy, and Spain.


What makes this botnet unique is the use of the Kademlia Distributed Hash Table (DHT) protocol, a P2P network protocol used to store and find data across a decentralized network.

Instead of relying on a central server, millions of computers cooperate to locate files and information, making it quite resilient against possible law enforcement disruption efforts.

"KadNap employs a custom version of the Kademlia Distributed Hash Table (DHT) protocol, which is used to conceal the IP address of their infrastructure within a peer-to-peer system to evade traditional network monitoring," Black Lotus said in its report.

"The innovative use of the DHT protocol allows the malware to establish robust communication channels that are difficult to disrupt, by hiding in the noise of legitimate peer-to-peer traffic," they added.
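To make concrete why a DHT-based control channel has no single point of failure, here is an added simulation (not code from the article or from Black Lotus) of a Kademlia-style XOR-distance lookup over a constructed peer set: it turns the description above into a runnable routing table and lookup, and shows that a lookup still completes after a share of peers is taken offline. The peer labels, the 32-bit ID space and the hash-based ID scheme are assumptions for illustration, not KadNap's own design.

```python
import hashlib
import random

ID_BITS = 32  # constructed toy ID space; real Kademlia uses 160-bit IDs

def node_id(label: str) -> int:
    """Map a label to a toy node/key ID by hashing it (assumed, not KadNap's scheme)."""
    return int.from_bytes(hashlib.sha1(label.encode()).digest()[:4], "big")

class ToyKademlia:
    """Simulated peer network: each node keeps at most k peers per XOR-distance bucket,
    so no single node (and no central server) knows the whole membership."""

    def __init__(self, n_nodes: int, k: int = 2):
        self.k = k
        self.nodes = sorted({node_id(f"peer-{i}") for i in range(n_nodes)})
        self.alive = set(self.nodes)
        self.table = {nid: self._buckets(nid) for nid in self.nodes}

    def _buckets(self, nid: int) -> list:
        # Kademlia distance is the XOR of two IDs; bucket i holds up to k peers
        # whose distance from nid has its highest set bit at position i.
        buckets = [[] for _ in range(ID_BITS)]
        for peer in self.nodes:
            if peer != nid:
                i = (nid ^ peer).bit_length() - 1
                if len(buckets[i]) < self.k:
                    buckets[i].append(peer)
        return [p for bucket in buckets for p in bucket]

    def fail(self, fraction: float, seed: int = 7) -> None:
        """Take a random fraction of nodes offline, as a partial takedown would."""
        victims = random.Random(seed).sample(self.nodes, int(len(self.nodes) * fraction))
        self.alive -= set(victims)

    def lookup(self, start: int, key: int) -> tuple:
        """Greedy lookup: hop to the live peer in the current node's table that is
        strictly closer to key; stop when none is left. Returns (node reached, hops)."""
        current, hops = start, 0
        while True:
            candidates = [p for p in self.table[current]
                          if p in self.alive and (p ^ key) < (current ^ key)]
            if not candidates:
                return current, hops
            current, hops = min(candidates, key=lambda p: p ^ key), hops + 1

    def closest(self, key: int) -> int:
        """Ground truth for checking: the live node nearest to key."""
        return min(self.alive, key=lambda n: n ^ key)
```

With every node alive, the greedy walk always ends at the node nearest the key, because any node that is not yet nearest has at least one closer peer in the bucket matching its highest differing bit; after a partial takedown it still ends at a live node no farther from the key than where it started, with nobody to seize.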

KadNap is apparently used to build a proxy network called Doppelgänger, which seems to be a rebrand of a previous network called Faceless. Faceless, the researchers say, was built using TheMoon malware.

The botnet is past the construction stage, since it is apparently already being used in the wild.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
