
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,098 of 2,445   
   Mike Powell to All   
   A massive new DDoS botnet   
   19 Dec 25 09:11:47   
   
   TZUTC: -0500   
   MSGID: 1855.consprcy@1:2320/105 2daa9a62   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   A massive new DDoS botnet has already snared 1.8 million devices - here's    
   what we know about Kimwolf   
      
   Date:   
   Thu, 18 Dec 2025 18:35:00 +0000   
      
   Description:   
   Researchers discovered a new botnet called Kimwolf, allegedly built by the   
   same brain behind AISURU.   
      
   FULL STORY   
      
   Cybersecurity researchers have spotted a major malicious botnet comprising
   almost two million devices which is reportedly capable of more than just
   Distributed Denial of Service (DDoS) attacks.
      
   QiAnXin XLab published a new report on Kimwolf, an Android-based botnet that   
   primarily targets TVs, set-top boxes, and tablets. At the moment, it has infected
   roughly 1.8 million devices, mostly in Brazil, India, the U.S., Argentina,   
   South Africa, and the Philippines.    
      
   How the devices get infected is still unknown, but XLab found the majority of   
   the victims are in residential network environments, and belong to these   
   brands: TV BOX, SuperBOX, HiDPTAndroid, P200, X96Q, XBOX, SmartTV, and MX10.   
      
   Owned by AISURU?    
      
   The researchers have been tracking Kimwolf for a little while now and found   
   that the botnet was taken down multiple times already but has always returned   
   stronger.    
      
   "We observed that Kimwolf's C2 domains have been successfully taken down by   
   unknown parties at least three times [in December], forcing it to upgrade its   
   tactics and turn to using ENS (Ethereum Name Service) to harden its   
   infrastructure, demonstrating its powerful evolutionary capability," XLab   
   researchers said.    
      
   They also said that the botnet's source code and C2 infrastructure overlap
   significantly with that of AISURU, currently one of the most destructive   
   botnets in existence.    
      
   "These two major botnets propagated through the same infection scripts    
   between September and November, coexisting in the same batch of devices," the   
   researchers explained. "They actually belong to the same hacker group."    
      
   AISURU is a botnet that's made multiple headlines recently for breaking all
   sorts of DDoS records.    
      
   Earlier this month, Cloudflare released its 2025 Q3 DDoS threat report,
   detailing an attack by the apex of botnets. In the report, the CDN giant said   
   AISURU counts anywhere between one and four million infected devices, and    
   that it mounted a DDoS attack that peaked at 29.7 terabits per second (Tbps)   
   and 14.1 billion packets per second (Bpps).    
      
   Cloudflare described it as a UDP carpet-bombing attack bombarding an average   
   of 15K destination ports per second.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/a-massive-new-ddos-botnet-has-already-snared-1-8-million-devices-heres-what-we-know
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca