While tracking malicious activity on the internet, cybersecurity researchers have found a malware strain called KadNap spreading across thousands of networking devices. Their investigation shows that more than 14,000 edge devices have already been drawn into the operation.
Most of the affected systems appear to be home or small-office routers. A noticeable share of the infections involve devices made by ASUS. Once the malware gets inside a router, the device begins passing internet traffic for outside users in the background, while continuing to work normally for its owner.
Instead of depending on one control server, KadNap links infected devices together through a peer-to-peer setup. Each compromised router can communicate with others in the network and pass along instructions. Because there isn’t a single server directing everything, disrupting the network becomes much harder.
The routers are being used as proxies. That means someone can route their online activity through these devices, making it appear as if the traffic is coming from a different location. Networks like this are often used when someone wants to mask the real source of their internet activity.
Routers are a common target because many are left untouched after installation. Firmware updates are often ignored, and remote access features sometimes stay enabled longer than necessary.
To reduce the risk, follow these steps:
- Install the latest router firmware updates
- Change default login credentials
- Disable remote management features unless absolutely necessary
- Replace devices that no longer receive security updates
While a compromised router might continue working normally, it could still be quietly helping power cybercrime infrastructure in the background.