Asus Routers Hijacked in 14,000‑Device Proxy Network

Security teams have uncovered a large-scale campaign in which KadNap malware is being leveraged to build Doppelgänger, a proxy network comprising more than 14,000 compromised devices. Asus routers appear to be the primary targets, with attackers exploiting weak credentials and known vulnerabilities to gain persistent access.

Once infected, routers are recruited into a layered proxy infrastructure that lets criminals route traffic through victims' devices. That approach provides anonymity for a range of malicious activities such as credential stuffing, fraud, and other forms of cybercrime. Researchers warn that using consumer networking gear as transit nodes makes detection harder and increases the potential impact on everyday users.

Operators of the Doppelgänger network reportedly prefer router targets because they are often always online, underdefended, and provide stable bandwidth for proxying. The infections can be subtle — many victims won't notice performance changes — and remediation may require a factory reset or firmware update, steps that some users might not take promptly.

Security teams recommend immediate action for owners of affected models: change default and weak passwords, apply the latest firmware updates from the vendor, disable remote management where possible, and monitor network logs for unfamiliar outbound connections. Enabling WPA3 or at least WPA2 with a strong passphrase is also advised to reduce the risk of local compromise.

Network administrators and ISPs can help by detecting unusual traffic patterns associated with outbound proxying and by notifying customers of confirmed compromises. While Asus and security vendors may release patches and guidance, the incident underlines the ongoing risk posed by insecure IoT and home-network devices.