- New KadNap malware infects more than 14,000 routers
- Botnet uses custom Kademlia DHT protocol for resilience
- Doppelgänger proxy network is now active
A new strain of malware has been found that assimilates Asus routers into a botnet for malicious proxy traffic.
Security researchers at Black Lotus detected the new network, called KadNap, and warned that in less than a year it has managed to infect more than 14,000 devices, mostly manufactured by Asus.
The attackers do not appear to be specifically targeting that manufacturer, so it may be that these products are relatively easy to compromise, or that there are more vulnerable Asus devices than competing ones. The majority of victims (60%) are in the United States. The remaining 40% are spread across Taiwan, Hong Kong, Russia, the United Kingdom, Australia, Brazil, France, Italy and Spain.
What makes this botnet unique is the use of the Kademlia Distributed Hash Table (DHT) protocol, a P2P network protocol used to store and search data over a decentralized network.
Instead of relying on a central server, millions of computers cooperate to locate files and information, making such networks quite resistant to disruption attempts by law enforcement.
“KadNap employs a customized version of the Kademlia Distributed Hash Table (DHT) protocol, which is used to hide the IP address of its infrastructure within a peer-to-peer system to evade traditional network monitoring,” Black Lotus said in its report.
“The innovative use of the DHT protocol allows malware to establish robust communication channels that are difficult to disrupt, hiding in the noise of legitimate peer-to-peer traffic,” they added.
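The decentralized lookup described above can be seen in a small simulation. This is an added example of textbook Kademlia routing, not code from Black Lotus or from KadNap's customized protocol; the 16-bit IDs, peer names, sample key and the modeling of bucket refresh as a table rebuild are all assumptions made for illustration.

```python
import hashlib
import random

BITS = 16   # toy ID width (real Kademlia uses 160-bit IDs)
K = 3       # contacts kept per bucket

def node_id(name: str) -> int:
    """Derive a toy node/key ID from the first 16 bits of SHA-1(name)."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest()[:2], "big")

def build_tables(ids):
    """Give each node up to K contacts per XOR-distance bucket [2^i, 2^(i+1))."""
    tables = {}
    for n in ids:
        buckets = {}
        for peer in ids:
            if peer != n:
                buckets.setdefault((n ^ peer).bit_length() - 1, []).append(peer)
        tables[n] = [p for b in buckets.values() for p in b[:K]]
    return tables

def lookup(tables, start, key):
    """Iteratively hop to whichever known contact is XOR-closest to key."""
    current, hops = start, 0
    while True:
        best = min(tables[current] + [current], key=lambda p: p ^ key)
        if best == current:          # no contact is closer: lookup has converged
            return current, hops
        current, hops = best, hops + 1

def simulate(n_nodes=200, removed=0.5, seed=1):
    """Return (found_before, truth_before, found_after, truth_after, max_hops)."""
    rng = random.Random(seed)
    ids = sorted({node_id(f"peer-{i}") for i in range(n_nodes)})  # constructed peers
    key = node_id("constructed-sample-key")                       # constructed key
    before, h1 = lookup(build_tables(ids), ids[0], key)
    # Take the responsible node offline, plus a fraction of everyone else.
    survivors = [n for n in ids if n != before]
    survivors = rng.sample(survivors, int(len(survivors) * (1 - removed)))
    # Bucket refresh is modeled by rebuilding tables from the surviving peers.
    after, h2 = lookup(build_tables(survivors), survivors[0], key)
    return (before, min(ids, key=lambda p: p ^ key),
            after, min(survivors, key=lambda p: p ^ key), max(h1, h2))
```

No node holds a global index, yet every lookup converges on the peer closest to the key within at most `BITS` hops, and removing that peer simply shifts responsibility to the next-closest survivor.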
KadNap is apparently used to build a proxy network called Doppelgänger, which appears to be a rebrand of a previous network called Faceless. Faceless, researchers say, was created using TheMoon malware.
The botnet is past the construction stage, as it is apparently already being used in the wild.
Via Hacker News




