
Just a sample of the Echomail archive


 Message 2098 
 Mike Powell to All 
 A massive new DDoS botnet 
 19 Dec 25 09:11:47 
 
TZUTC: -0500
MSGID: 1855.consprcy@1:2320/105 2daa9a62
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
A massive new DDoS botnet has already snared 1.8 million devices - here's 
what we know about Kimwolf

Date:
Thu, 18 Dec 2025 18:35:00 +0000

Description:
Researchers discovered a new botnet called Kimwolf, allegedly built by the
same brain behind AISURU.

FULL STORY

Cybersecurity researchers have spotted a major malicious botnet comprising
almost two million devices which is reportedly capable of more than just
Distributed Denial of Service (DDoS) attacks. 

QiAnXin XLab published a new report on Kimwolf, an Android-based botnet that
primarily targets TVs, set-top boxes, and tablets. At the moment, it has infected
roughly 1.8 million devices, mostly in Brazil, India, the U.S., Argentina,
South Africa, and the Philippines. 

How the devices get infected is still unknown, but XLab found the majority of
the victims are in residential network environments, and belong to these
brands: TV BOX, SuperBOX, HiDPTAndroid, P200, X96Q, XBOX, SmartTV, and MX10.

Owned by AISURU? 

The researchers have been tracking Kimwolf for a little while now and found
that the botnet was taken down multiple times already but has always returned
stronger. 

"We observed that Kimwolf's C2 domains have been successfully taken down by
unknown parties at least three times [in December], forcing it to upgrade its
tactics and turn to using ENS (Ethereum Name Service) to harden its
infrastructure, demonstrating its powerful evolutionary capability," XLab
researchers said. 

They also said that the botnet's source code and C2 infrastructure overlap
significantly with that of AISURU, currently one of the most destructive
botnets in existence. 

"These two major botnets propagated through the same infection scripts 
between September and November, coexisting in the same batch of devices," the
researchers explained. "They actually belong to the same hacker group." 

AISURU is a botnet that's made multiple headlines recently for breaking all
sorts of DDoS records. 

Earlier this month, Cloudflare released its 2025 Q3 DDoS threat report,
detailing an attack by the apex of botnets. In the report, the CDN giant said
AISURU counts anywhere between one and four million infected devices, and 
that it mounted a DDoS attack that peaked at 29.7 terabits per second (Tbps)
and 14.1 billion packets per second (Bpps). 

Cloudflare described it as a UDP carpet-bombing attack bombarding an average
of 15K destination ports per second. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-massive-new-ddos-botnet-has-already-snared-1-8-million-devices-heres-what-we-know

--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)

(c) 1994,  bbs@darkrealms.ca