[et_pb_section fb_built=”1″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
That’s the reality revealed by the discovery of KadNap, a sophisticated malware campaign that has become one of the most significant cybersecurity stories of 2026.<\/p>\n
Cybersecurity researchers at Black Lotus Labs discovered KadNap<\/a> malware primarily targeting Asus routers, conscripting them into a botnet that proxies malicious traffic. Since August 2025, the network has grown to over 14,000 infected devices, with more than 60% of victims in the United States. Infections have also been confirmed in Australia, the UK, and across Europe.<\/p>\n There is no reason New Zealand businesses and homes should consider themselves exempt.<\/strong><\/p>\n For the average owner of an infected router, the malware would be essentially undetectable, beyond internet speeds feeling slightly sluggish at times.<\/p>\n The infection begins when a targeted device downloads a malicious script that establishes persistence by setting up a scheduled task running every hour. Once assimilated into the botnet, the device’s internet connection is packaged and sold through a criminal proxy service. <\/span>Buyers use hijacked devices<\/a> to execute brute-force attacks and targeted exploitation campaigns, and because the traffic originates from ordinary home connections, it easily bypasses traditional security filters.\u00a0 Your router becomes the criminals’ cover story.<\/p>\n Here’s the uncomfortable truth: many of these infections were entirely preventable. Our advice has long been that the organisations managing routers must ensure devices do not rely on common default passwords, and management interfaces should be properly secured and not accessible via the internet.\u00a0 <\/span>Default passwords, such as the ones printed on the bottom of your router, are well known to attackers. They’re among the first credentials attempted in any automated attack. Changing them takes two minutes.<\/p>\n KadNap dismantles one of the most dangerous assumptions in cybersecurity: that attackers only go after large organisations or valuable data. A router sitting quietly in a home or small business can now become part of a global criminal network.<\/p>\n For Kiwi businesses, your router is the gateway to everything: email, financial systems, client data, cloud platforms. A compromised device doesn’t just expose your own network, it can involve your business in criminal activity.<\/p>\n<\/span>How Does It Work?<\/strong><\/h3>\n
The Password Problem<\/strong><\/h3>\n
Every Business and Home Is a Target<\/strong><\/h3>\n
The target isn’t your data \u2014 it’s your device and your IP address as cover for someone else’s crime.<\/strong><\/h3>\n
What You Should Do Today<\/strong><\/h3>\n
\n