## Kimwolf Botnet: 2+ Million Devices Compromised via Residential Proxy Tunnels
A new botnet dubbed 'Kimwolf' has infected over 2 million devices globally, with concentrations in Vietnam, Brazil, India, Saudi Arabia, Russia, and the United States. Security firm Synthient reports that two-thirds of the infections are on Android TV boxes lacking basic security or authentication. The Kimwolf malware forces compromised devices to relay malicious traffic—including ad fraud, account takeover attempts, and mass content scraping—and to participate in powerful distributed denial-of-service (DDoS) attacks capable of taking websites offline for days. The botnet's rapid spread is attributed to a diabolical propagation method: it tunnels back through 'residential proxy' networks into the local networks of proxy endpoints, then infects additional devices hidden behind those networks. This technique exploits the outdated security assumptions of internal networks behind home routers, rendering them vulnerable. The vulnerability has been actively exploited for months, indicating a widespread and ongoing threat that requires immediate awareness and remediation from network administrators and device owners.
---
- **Source**: 
- **Sector**: The Network
- **Tags**: android, botnet, malware, ddos, security
- **Credibility**: unverified
- **Published**: 2026-03-06 13:13:33
- **ID**: 2564
- **URL**: https://whisperx.ai/en/intel/2564