Lumen Technologies has successfully disrupted over 550 command-and-control nodes linked to the AISURU and Kimwolf botnets, which have infected over 2 million Android devices and compromised residential proxies. The Kimwolf botnet exploits vulnerable Android TV devices and compromised routers to facilitate DDoS attacks, proxy services, and malicious activities, highlighting a growing threat from consumer devices.
Key points
- The Black Lotus Labs team null-routed over 550 C2 nodes associated with the AISURU and Kimwolf botnets.
- Kimwolf malware infects Android TV devices, turning them into residential proxies through the ByteConnect SDK.
- The botnet expanded rapidly, adding 800,000 new bots in a single week in October 2025, many listed for sale on proxy services.
- Threat actors exploited security flaws in proxy services and compromised routers, turning consumer devices into covert attack vectors.
- These malicious devices blend into normal internet traffic, evading detection and enabling large-scale malicious activities.
Read More: https://thehackernews.com/2026/01/kimwolf-botnet-infected-over-2-million.html