
"The KadNap botnet stands out among others that support anonymous proxies in its use of a peer-to-peer network for decentralized control. Their intention is clear: avoid detection and make it difficult for defenders to protect against."
"The malware, dubbed KadNap, takes hold by exploiting vulnerabilities that have gone unpatched by their owners. The high concentration of Asus routers is likely due to botnet operators acquiring a reliable exploit for vulnerabilities affecting those models."
"One of the most salient features of KadNap is a sophisticated peer-to-peer design based on Kademlia, a network structure that uses distributed hash tables to conceal the IP addresses of command-and-control servers. The design makes the botnet resistant to detection and takedowns through traditional methods."
Security researchers discovered KadNap, a botnet of approximately 14,000 compromised routers and network devices, predominantly Asus models, that were infected through unpatched vulnerabilities. The botnet operates as a proxy network that carries anonymous traffic for cybercriminal activities. KadNap distinguishes itself through a sophisticated peer-to-peer architecture based on Kademlia, which uses distributed hash tables to conceal the IP addresses of its command-and-control servers. This decentralized design makes the botnet highly resistant to traditional detection and takedown methods. Infected devices are primarily located in the United States, with smaller populations in Taiwan, Hong Kong, and Russia. The number of infected devices has grown from 10,000 in August to a daily average of 14,000, indicating that the compromise is expanding.
Read at Ars Technica