More than 14,000 routers have been compromised in one of 2026’s most widespread cyberattacks so far. Mostly targeting Asus routers, the malware known as KadNap is taking devices and turning them into a botnet for large-scale attacks. Worse, the threat has no end in sight. Cybersecurity experts say KadNap is totally decentralized, so it’s hard to detect and even harder to stop. Instead of one central command center, the activity’s being split up over all 14,000+ devices. This peer-to-peer setup also lets the botnet blend into normal internet traffic. That way, any malicious activity just looks like routine browsing behavior.
The KadNap campaign was first uncovered in a report by Lumen’s Black Lotus Labs. The majority of the infected devices are located in the United States, but there are plenty of others scattered across Europe, Brazil, Russia, Australia, and parts of Asia, as well.
Signs of an infected device to look out for
KadNap has been infecting routers since at least August 2025, and it’s still an ongoing threat to this day. Once your device gets compromised, the cybercriminals will sell access to your hijacked connection. Hackers can then route their malicious traffic through the 14,000+ different IP addresses to carry out brute-force attacks, targeted exploitation campaigns, and whatever other forms of online abuse might be on their agenda… all while avoiding detection.
If your router’s been infected, you’ll start to see some obvious warning signs like slow internet performance, slow devices, unstable connection, and all those classic red flags. To protect your router, always make sure you’ve got the latest security and firmware updates installed. Also, remember to use strong passwords, change them often, and disable remote access features when not in use. If you think your device might be infected, a full factory reset might be the only fix. (A reboot alone won’t cut it with malware like this.)
Stephan is the sports journalist for the Maple Grove Report.
