Cybercriminals are getting more creative every day.
They're using everything from your Google Maps history to trick you into paying up, and even turning innocent-looking QR codes into traps.
At one point, we covered just how easy it is to turn a phone charging cable into a spying device.
But now there's something new to worry about, and it could affect a lot of devices in your home.
Advert
Security experts have discovered that criminals have secretly taken control of over 14,000 devices worldwide and they're using them to launch attacks.
Most of the hijacked devices are Asus routers and hackers are using them to funnel malicious internet traffic for massive cyberattacks. According to the experts, the attacks use a decentralised peer-to-peer system to avoid network detection and are incredibly hard to protect against.
A cybersecurity company called Lumen released a report about the new threat, nicknamed 'KadNap' and has been monitoring it since August 2025.
Thousands of devices, including smart fridges and routers, can be secretly hijacked to create a botnet, the report stated. The criminals can then use this compromised network to launch distributed denial-of-service (DDoS) attacks, flooding websites with traffic disguised as 'legitimate peer-to-peer traffic.'
“As modern society increasingly relies on internet-exposed Internet of Things (IoT) devices, the opportunities for malicious actors to exploit vulnerabilities continue to abound,” Lumen’s report explained. “Threat actors are building large-scale botnets specifically designed to hijack devices in this growing pool of targets, using them to route traffic and evade detection by network security systems.”
Although over half (60%) of KadNap victims are in the US, security researchers found infected devices in the UK, Australia, Brazil, Russia, and across Europe.
The problem is that the malware on the infected devices can go unnoticed by many victims as it can easily be passed off as slow internet.
Its decentralised design also means there is no central hub that authorities can shut down.
“Their intention is clear: avoid detection and make it difficult for defenders to protect against,” Lumen’s report concluded. “KadNap’s bots are sold through Doppelganger, a service whose users leverage these hijacked devices for a range of malicious purposes, including brute-force attacks and highly targeted exploitation campaigns."
It added: “As a result, every IP address associated with this botnet represents a significant, persistent risk to organisations and individuals alike.”
According to the report, Lumen's Black Lotus Labs will continue to 'find, monitor and track malicious botnets to help secure the internet.' Users are advised to regularly reboot their routers and install the latest security patches to ensure their devices have the most up-to-date protection.