A recently discovered botnet has infected approximately 14,000 routers, primarily from Asus, by exploiting unpatched vulnerabilities, allowing the malware to persist and resist takedown efforts. The malware, known as KadNap, enables the creation of a proxy network that facilitates anonymous cybercrime activities. Researchers at Lumen's Black Lotus Labs have identified the botnet's reliance on exploiting vulnerabilities in unpatched devices, with Asus routers being disproportionately affected due to the availability of reliable exploits for these models1. The botnet's resilience to takedowns poses a significant concern, as it can continue to facilitate malicious activities. This highlights the importance of regular patching and security updates for network devices, as neglecting these vulnerabilities can have severe consequences. The persistence of this botnet underscores the need for proactive security measures to prevent such infections and mitigate potential damage, making it a critical concern for network administrators and security professionals.
14,000 routers are infected by malware that's highly resistant to takedowns
⚡ High Priority
Why This Matters
The high concentration of Asus routers is likely due to botnet operators acquiring a reliable exploit for vulnerabilities affecting those models.
References
- Ars Technica. (2026, March 11). 14,000 routers are infected by malware that's highly resistant to takedowns. https://arstechnica.com/security/2026/03/14000-routers-are-infected-by-malware-thats-highly-resistant-to-takedowns/
Original Source
Ars Technica
Read original →