New “Kimwolf” Botnet Enslaves Over 1.8 Million Android TVs, Launching Massive Global DDoS Attacks

534/68 Friday, December 19, 2025

Security researchers from QiAnXin XLab have identified a large-scale botnet named “Kimwolf”, which has compromised more than 1.8 million Android-based devices worldwide, including Android TV boxes, digital set-top boxes, and tablets. The infections are especially prevalent among low-cost consumer devices commonly used in households. What makes Kimwolf particularly alarming is its immense DDoS attack capability: researchers observed 1.7 billion attack commands issued within just three days in late November 2025. As a result, the attackers’ command-and-control (C2) infrastructure generated traffic volumes that temporarily ranked among the highest globally, even surpassing major services such as Google in Cloudflare’s traffic rankings.

In-depth analysis reveals that Kimwolf is linked to the operators of the previously known “AISURU” botnet, which had also set records for large-scale DDoS attacks. Key evidence includes the reuse of digital certificates and identical malware deployment scripts. Kimwolf also demonstrates advanced evasion techniques: when its C2 servers were taken down, the operators shifted to a method known as “EtherHiding,” leveraging the Ethereum Name Service (ENS) and blockchain smart contracts to conceal the real IP addresses of their command servers, significantly complicating takedown and attribution efforts by cybersecurity authorities.

The attackers’ objectives extend beyond website disruption. Kimwolf is primarily designed to monetize stolen bandwidth, with data indicating that over 96% of commands sent to infected devices convert them into proxy nodes for resale as network services, allowing the operators to profit directly from victims’ internet connections. The rise of Kimwolf highlights a broader shift in cyber threat trends, as attackers move away from traditional targets such as routers and IP cameras toward Smart TVs and set-top boxes, which offer greater processing power while still suffering from weak security controls.

Source: https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html