Thousands of Routers Infected by Resilient Kademlia-Based Botnet

Researchers discover a 14,000-strong botnet of Asus routers that leverages the Kademlia protocol to resist takedowns and power cybercrime activities.
Researchers have uncovered a takedown-resistant botnet of 14,000 routers and other network devices—primarily made by Asus—that have been conscripted into a proxy network used for cybercrime.
The malware, dubbed KadNap, takes hold by exploiting vulnerabilities that have gone unpatched by their owners, according to Chris Formosa, a researcher at security firm Lumen's Black Lotus Labs. The high concentration of Asus routers is likely due to botnet operators acquiring a reliable exploit for vulnerabilities affecting those models, though Formosa said it's unlikely that the attackers are using any zero-days in the operation.
The number of infected routers averages about 14,000 per day, up from 10,000 last August when Black Lotus discovered the botnet. Compromised devices are overwhelmingly located in the US, with smaller populations in Taiwan, Hong Kong, and Russia.
One of the most salient features of KadNap is its sophisticated peer-to-peer design based on Kademlia, a distributed-hash-table protocol that lets the botnet conceal the IP addresses of its command-and-control servers. This design makes the botnet resistant to detection and takedowns through traditional methods.
Kademlia is a decentralized, peer-to-peer protocol that allows the botnet to function without relying on a central command-and-control server. This makes it much harder for security researchers and law enforcement to disrupt the botnet's operations by taking down a central point of control.
The Kademlia-based architecture of KadNap also helps to anonymize the traffic flowing through the infected routers, making it difficult to trace the origin of cybercrime activities back to the botnet's operators. This makes the botnet a valuable resource for a wide range of illicit online activities, from spam and DDoS attacks to hosting phishing sites and other malicious content.
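To make concrete why the decentralized design described above has no single point to take down, here is an added example (not code from Black Lotus Labs or from the article) of a simplified Kademlia overlay: nodes keep XOR-distance k-buckets, lookups are iterative, and after a constructed removal of 30 percent of the peers a lookup from any survivor still resolves to the closest live node. The node labels, K, ALPHA and the random seeds are assumptions made for the simulation.

```python
import hashlib
import random

K = 20       # k-bucket width (Kademlia's replication factor)
ALPHA = 3    # lookup parallelism

def node_id(label: str) -> int:
    return int.from_bytes(hashlib.sha1(label.encode()).digest(), "big")  # 160-bit ID (constructed)

def xor_distance(a: int, b: int) -> int:
    return a ^ b   # the Kademlia metric: IDs are "close" when their XOR is small

def build_routing_tables(ids: list) -> dict:
    """Give every node Kademlia k-buckets: per distance bit, up to K peers (all of them if fewer)."""
    rng = random.Random(1)
    tables = {}
    for me in ids:
        buckets = {}
        for other in ids:
            if other != me:
                buckets.setdefault(xor_distance(me, other).bit_length() - 1, []).append(other)
        tables[me] = {p for b in buckets.values() for p in (b if len(b) <= K else rng.sample(b, K))}
    return tables

def find_node(tables: dict, who: int, target: int) -> list:
    """FIND_NODE as answered by one peer: the K live contacts it knows that are closest to target."""
    known = [p for p in tables[who] if p in tables]        # contacts no longer in the network are skipped
    return sorted(known, key=lambda p: xor_distance(p, target))[:K]

def lookup(tables: dict, start: int, target: int) -> list:
    """Iterative lookup from any live peer: ask the ALPHA closest unqueried contacts until the K closest are all queried."""
    shortlist, queried = {start}, set()
    while True:
        closest = sorted(shortlist, key=lambda c: xor_distance(c, target))[:K]
        pending = [c for c in closest if c not in queried][:ALPHA]
        if not pending:
            return closest   # nobody left to ask: these are the K closest reachable IDs
        for c in pending:
            queried.add(c)
            shortlist.update(find_node(tables, c, target))

def takedown(tables: dict, fraction: float, seed: int = 7) -> dict:
    """Remove a fraction of peers (cleaned or seized devices); survivors keep their stale routing entries."""
    rng = random.Random(seed)
    dead = set(rng.sample(sorted(tables), int(len(tables) * fraction)))
    return {nid: peers for nid, peers in tables.items() if nid not in dead}

def closest_live(tables: dict, target: int) -> int:
    return min(tables, key=lambda nid: xor_distance(nid, target))  # ground truth for checking a lookup
```

With 120 constructed nodes, `lookup(takedown(build_routing_tables(ids), 0.3), start, target)[0]` equals `closest_live(...)` for any surviving `start`, which is why remediation has to happen per device rather than at a central server.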
According to Formosa, the KadNap botnet stands out among other malware threats due to its scale, resilience, and the sophistication of its underlying architecture. The researchers at Black Lotus Labs are continuing to monitor the botnet's activities and work with industry partners to mitigate the threat it poses.
Source: Ars Technica


