Kimwolf Botnet hijacks 1.8 million Android devices for DDoS attacks. Originating from the NDK, it targets Android TVs and set-top boxes, demonstrating advanced capabilities like proxy forwarding and use of Ethereum Name Service for resiliency. Linked to the AISURU botnet, Kimwolf has executed 1.7 billion DDoS commands recently and evolved to enhance its infrastructure against take-down efforts, affecting users in Brazil, India, and the U.S. Attack patterns focus on leveraging compromised devices for proxy services.
https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html

