KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Summary
A new malware named KadNap has been discovered that is infecting over 14,000 edge devices, predominantly Asus routers, to create a stealth proxy botnet. The malware, first seen in August 2025, is largely targeting devices in the U.S. and is used for proxying malicious traffic.
IFF Assessment
The creation of a large botnet using compromised routers to proxy malicious traffic directly aids threat actors and poses a significant risk to network security.
Defender Context
The emergence of KadNap highlights the ongoing threat posed by compromised network devices, particularly routers, which can be leveraged for malicious activities like proxying traffic. Defenders should prioritize securing edge devices, implementing network segmentation, and monitoring for unusual network activity indicative of botnet participation.