14K Asus Routers Infected by Takedown-Resistant Malware

Ars Technica

Researchers have uncovered a 14,000-device botnet called KadNap that's exploiting unpatched vulnerabilities in network equipment, primarily Asus routers. The malware creates a sophisticated proxy network for cybercriminals by using a peer-to-peer structure based on Kademlia distributed hash tables, making it extremely difficult to detect or dismantle.

Black Lotus Labs discovered the botnet has grown from 10,000 infected devices in August to an average of 14,000 daily, with most compromised equipment located in the US, Taiwan, Hong Kong, and Russia. The malware's design eliminates centralized command-and-control servers, instead allowing infected devices to communicate directly through the peer-to-peer network.

The botnet's resilience stems from its decentralized architecture, similar to technologies used by BitTorrent and the InterPlanetary File System. By substituting IP addresses with cryptographic hashes and distributing control across the network, attackers have created a system that resists traditional takedown methods and denial-of-service attacks.