- New KadNap malware infects 14,000+ routers
- The botnet uses custom Kademlia DHT protocol for robustness
- Proxy network Doppelgänger already active in the wild
A new malware strain has been found that conscripts Asus routers into a botnet used to proxy malicious traffic.
Security researchers at Black Lotus discovered the new botnet, called KadNap, and warned that in less than a year it has managed to infect more than 14,000 devices, mostly made by Asus.
The attackers don’t seem to be specifically targeting that manufacturer, so it could be that those products are relatively easy to compromise, or there are lots of vulnerable devices out there compared to competing endpoints. The majority of victims (60%) are located in the United States. The remaining 40% is distributed between Taiwan, Hong Kong, Russia, Great Britain, Australia, Brazil, France, Italy and Spain.
What makes this botnet unique is its use of the Kademlia Distributed Hash Table (DHT) protocol, a P2P network protocol used to store and find data across a decentralized network.
Instead of relying on a central server, millions of computers collaborate to locate files and information, making it quite resilient to possible disruption attempts by law enforcement.
“KadNap uses a custom version of the Kademlia Distributed Hash Table (DHT) protocol, which is used to hide the IP address of their infrastructure in a peer-to-peer system to avoid traditional network monitoring,” Black Lotus said in its report.
“The innovative use of the DHT protocol allows the malware to establish robust communication channels that are difficult to disrupt by hiding in the noise of legitimate peer-to-peer traffic,” they added.
KadNap is apparently being used to build a proxy network called Doppelgänger, which appears to be a rebrand of an earlier network called Faceless. Faceless, the researchers say, was built using TheMoon malware.
The botnet is past the construction stage, as it is apparently already being used in the wild.
Via Hacker News



