Botnet spreads through insecure TV boxes and proxy networks.

Researchers say the Kimwolf botnet has quietly grown to more than 2 million infected Android devices, many of them low‑cost TV boxes sold with pre‑installed malware. Synthient reports that the operators exploited exposed ADB services and leveraged residential proxy networks, particularly IPIDEA, to accelerate infections. The botnet has been linked to massive DDoS capacity and to monetization schemes such as selling proxy bandwidth and forcing app installs. Although IPIDEA issued a patch to close exposed ports, investigators warn that the mix of compromised hardware and commercial proxy infrastructure leaves the broader ecosystem vulnerable.

Read more:

https://www.securityweek.com/kimwolf-android-botnet-grows-through-residential-proxy-networks/