What is the KadNap malware and how many devices has it infected?

KadNap is a new malware strain that has infected over 14,000 routers, with most of the victims being Asus devices.

How does the KadNap botnet maintain resilience against disruption?

The KadNap botnet uses a custom version of the Kademlia Distributed Hash Table (DHT) protocol, a peer-to-peer system that hides its infrastructure IPs and makes communication channels difficult to disrupt.

What is the Doppelgänger proxy network and is it active?

Doppelgänger is a proxy network built using the KadNap malware, and it is already active and operating in the wild.

Home / Technology / 14,000+ Routers Assimilated into Doppelgänger Botnet

14,000+ Routers Assimilated into Doppelgänger Botnet

11 Mar

•

Summary

New KadNap malware has infected over 14,000 routers.
The botnet utilizes a custom Kademlia DHT for resilience.
The proxy network, Doppelgänger, is already active.

14,000+ Routers Assimilated into Doppelgänger Botnet

A sophisticated new malware named KadNap has emerged, successfully assimilating over 14,000 routers into a botnet within a year.

Security researchers revealed that the majority of these compromised devices are made by Asus, though the attackers may not be specifically targeting the brand. The United States accounts for 60% of the infections, with the remaining 40% spread across Taiwan, Hong Kong, Russia, the UK, Australia, Brazil, France, Italy, and Spain.

What distinguishes KadNap is its innovative use of a custom Kademlia Distributed Hash Table (DHT) protocol. This peer-to-peer system allows the botnet to conceal its infrastructure IPs and establish robust communication channels that are exceptionally hard to disrupt, by blending into legitimate traffic.