A newly discovered malware campaign has infected more than 14,000 internet edge devices worldwide, creating a botnet that security researchers warn may be unusually difficult to dismantle.

The malicious program—known as “Kadnap”—targets routers and other edge networking devices that sit at the boundary between local networks and the wider internet. According to cybersecurity researchers cited by Ars Technica and The Hacker News, the malware exploits known vulnerabilities in certain routers to gain persistent control of the devices.

Botnet design: Once inside, the malware establishes a distributed peer-to-peer command structure rather than relying on a single central command server. This architecture makes traditional takedown efforts harder: even if parts of the network are disabled, remaining infected devices can continue communicating with one another and maintain the botnet’s operations.

Infection scale: Researchers estimate that at least 14,000 routers have already been compromised, though the number could rise as additional vulnerable devices are discovered. Many affected routers belong to small businesses or home users that rarely receive firmware updates—an increasingly common weakness in the expanding ecosystem of internet-connected infrastructure.

Persistent threat: Kadnap appears designed for long-term persistence. The malware can survive reboots and includes mechanisms that help it evade detection or removal. Analysts believe such resilience may allow attackers to use infected routers for a range of activities, including traffic proxying, anonymized communications, and coordinating broader cyberattacks.

The campaign highlights a persistent challenge in cybersecurity: edge devices are often poorly maintained despite serving as critical gateways to networks. While personal computers and smartphones frequently receive automatic updates, routers—particularly older or low-cost models—can remain vulnerable for years.

Prevention measures: Security experts, therefore, urge device owners to update firmware, disable remote management features when unnecessary, and replace unsupported hardware. Without such measures, researchers warn, large-scale router infections like Kadnap could become a durable fixture of the internet’s underworld.