EEVblog® Electronics Community Forum

Products => Computers => Security => Topic started by: madires on January 02, 2026, 06:32:16 pm

Title: Kimwolf botnet and unofficial Android TV boxes
Post by: madires on January 02, 2026, 06:32:16 pm
The Kimwolf Botnet is Stalking Your Local Network - https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

TL;DR:
- new botnet with around 2 million devices
- weakness of hidden proxy service enables access to local networks (often preinstalled on unofficial Android TV boxes)
- takeover of devices with Android Debug Bridge enabled (nearly all unofficial Android TV boxes)

Title: Re: Kimwolf botnet and unofficial Android TV boxes
Post by: iMo on January 02, 2026, 07:34:35 pm
Quote
For example, opening a command prompt and typing “adb connect” along with a vulnerable device’s (local) IP address followed immediately by “:5555” will very quickly offer unrestricted “super user” administrative access.

Hopefully our Rigols are not infected..  :D

Title: Re: Kimwolf botnet and unofficial Android TV boxes
Post by: madires on June 20, 2026, 04:10:36 pm
Another botnet based on Android devices:
- ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm - https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/

And some numbers about Kimwolf from the recent NANOG 97:
- The Kimwolf Aftershock: Residential Proxy Botnets One Year Later - https://nanog.org/events/nanog-97/content/5771/

A US residential proxy costs up to about US$ 95 for two weeks. It's quite a profitable business!