Right now, somewhere in the world, a home or office router is quietly routing cybercriminal traffic, and its owner completely unaware.
That’s the reality revealed by the discovery of KadNap, a sophisticated malware campaign that has become one of the most significant cybersecurity stories of 2026.
What Is KadNap?
Cybersecurity researchers at Black Lotus Labs discovered KadNap malware primarily targeting Asus routers, conscripting them into a botnet that proxies malicious traffic. Since August 2025, the network has grown to over 14,000 infected devices, with more than 60% of victims in the United States. Infections have also been confirmed in Australia, the UK, and across Europe.
There is no reason New Zealand businesses and homes should consider themselves exempt.
For the average owner of an infected router, the malware would be essentially undetectable, beyond internet speeds feeling slightly sluggish at times.
How Does It Work?
The infection begins when a targeted device downloads a malicious script that establishes persistence by setting up a scheduled task running every hour. Once assimilated into the botnet, the device’s internet connection is packaged and sold through a criminal proxy service. Buyers use hijacked devices to execute brute-force attacks and targeted exploitation campaigns, and because the traffic originates from ordinary home connections, it easily bypasses traditional security filters. Your router becomes the criminals’ cover story.
The Password Problem
Here’s the uncomfortable truth: many of these infections were entirely preventable. Our advice has long been that the organisations managing routers must ensure devices do not rely on common default passwords, and management interfaces should be properly secured and not accessible via the internet. Default passwords, such as the ones printed on the bottom of your router, are well known to attackers. They’re among the first credentials attempted in any automated attack. Changing them takes two minutes.
Every Business and Home Is a Target
KadNap dismantles one of the most dangerous assumptions in cybersecurity: that attackers only go after large organisations or valuable data. A router sitting quietly in a home or small business can now become part of a global criminal network.
The target isn’t your data — it’s your device and your IP address as cover for someone else’s crime.
For Kiwi businesses, your router is the gateway to everything: email, financial systems, client data, cloud platforms. A compromised device doesn’t just expose your own network, it can involve your business in criminal activity.
What You Should Do Today
- Change default passwords on every router and network device — at the office and at home
- Update firmware regularly to close known vulnerabilities
- Replace end-of-life devices that no longer receive security updates
- Disable remote management interfaces unless specifically required
At Kinetics, our KARE Foundation service covers exactly this kind of proactive network hygiene — systematically managing the security tasks that protect your business before problems emerge.
KadNap is a reminder that cybersecurity starts at the device level, with something as simple as a strong password on your router.