In one of the most significant cyberattacks of 2026, over 14,000 routers have been breached. Primarily affecting Asus models, the malware named KadNap is converting these devices into a botnet for extensive attacks. Alarmingly, cybersecurity specialists assert that KadNap operates in a decentralized manner, making it challenging to identify and even more difficult to neutralize. Without a central command, the malicious activities are distributed among all infected devices, enabling the botnet to seamlessly merge with standard internet traffic. Consequently, harmful actions can masquerade as ordinary browsing activity.
The KadNap operation was first disclosed in a report by Lumen’s Black Lotus Labs. A significant portion of the compromised routers is located in the United States, although numerous others are found across Europe, Brazil, Russia, Australia, and parts of Asia.
Indicators of an Infected Device
Since at least August 2025, KadNap has been targeting routers, and it continues to pose a significant threat. If your device becomes infected, cybercriminals can sell access to your compromised connection, allowing them to funnel their harmful traffic through over 14,000 distinct IP addresses. This tactic facilitates brute-force attacks, targeted exploitation, and various forms of online misconduct, all while evading detection.
Signs that your router might be infected include sluggish internet performance, slow device responsiveness, connection instability, and other common warning signals. To safeguard your router, it is crucial to keep security and firmware updates current. Additionally, always utilize strong passwords, change them frequently, and disable remote access features when they are not needed. Should you suspect your device is infected, performing a full factory reset may be required, as a mere reboot will not suffice against this type of malware.
