arstechnica.com 3/11/2026, 9:56:19 PM

14,000 routers are infected by malware that's highly resistant to takedowns

Researchers have uncovered a takedown-resistant botnet of 14,000 routers and other network devices, primarily made by Asus, conscripting them into a proxy network used for cybercrime. The malware, dubbed KadNap, takes hold by exploiting unpatched vulnerabilities, according to Black Lotus Labs. The infection rate averages about 14,000 devices per day, up from 10,000 last August, with compromised devices largely located in the United States.

KadNap uses a sophisticated peer-to-peer design based on Kademlia, employing distributed hash tables to conceal the IP addresses of its control servers and to resist traditional takedown methods. Infected devices are used to carry traffic for Doppelganger, a fee-based proxy service, and researchers note that simply restarting a device will not disinfect it because KadNap stores a shell script that runs on reboot.

To remove the infection, owners are advised to factory reset, install all firmware updates, use strong administrative passwords, and disable remote access unless needed.

Article by CyberSIXT