Check Your Asus Router for Malware Immediately.
If you have an Asus router on your home network, it may have been targeted by a sophisticated form of malware capable of adding devices to a botnet and using them for criminal activity. Researchers from Black Lotus Labs, part of Lumen , identified this threat , dubbed KadNap, in August 2025 and estimated that over 14,000 devices were infected.
How KadNap Hacks Home Networks
As Ars Technica reports , KadNap exploits unpatched vulnerabilities in connected devices, most of which are Asus routers. Infected devices are added to a proxy network that can hide malicious traffic. In this case, they forward traffic to the Doppelganger service, which allows users to anonymously browse the web, conduct brute-force attacks, and deliberately exploit vulnerabilities.
KadNap is particularly difficult to detect because its protocol obscures the IP addresses of hackers’ command and control (C2) servers, allowing it to evade traditional monitoring methods. This design also ensures high scalability and resilience to removal.
It is estimated that around 60% of the affected devices are located in the United States, with Taiwan, Hong Kong, and Russia accounting for another 5% each, and the remainder spread across numerous other countries around the world.
Check your router for malicious activity.
If you suspect your router is infected with KadNap, compare the IP address and file hash in the device log with the indicators of compromise (IOC) from Black Lotus Labs. You will need to perform a factory reset, as rebooting will run the shell script rather than remove the malware.
You can also run IP Check , a tool from threat monitoring company Greynoise, which can help you determine whether your router is being used for malicious purposes (by the KadNap botnet or something else). If your IP address is flagged as suspicious, you’ll be able to see recent scanning activity for further investigation.
When it comes to network security, prevention is better than defense . Update your network name and administrator password to replace the default values ββon your router (they’re easy to spot). Consider disabling remote access to prevent attackers from changing settings without your knowledge, and log out of your administrator account when not in use. Finally, regularly update your router’s firmware to ensure vulnerabilities are quickly patched.