
Kimwolf has infected more than 2 million Android devices

Posts: 3
Topic starter
(@slippinjimmyx)
Active Member
Joined: 2 months ago

The trouble with botnets is how effective they are and how easily they spread. Most people don't even know what they are or how their devices get infected or impacted. This was a fairly large attack but not massive, still concerning.

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient.

"Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week.

Kimwolf was first publicly documented by QiAnXin XLab last month, while documenting its connections to another botnet known as AISURU. Active since at least August 2025, Kimwolf is assessed to be an Android variant of AISURU. There is growing evidence to suggest that the botnet is actually behind a series of record-setting DDoS attacks late last year.

The malware turns infected systems into conduits for relaying malicious traffic and orchestrating distributed denial-of-service (DDoS) attacks at scale. The vast majority of the infections are concentrated in Vietnam, Brazil, India, and Saudi Arabia, with Synthient observing approximately 12 million unique IP addresses per week.

Attacks distributing the botnet have been primarily found to target Android devices running an exposed Android Debug Bridge (ADB) service using a scanning infrastructure that uses residential proxies to install the malware. No less than 67% of the devices connected to the botnet are unauthenticated and have ADB enabled by default.

It's suspected that these devices come pre-infected with software development kits (SDKs) from proxy providers so as to surreptitiously enlist them in the botnet. The top compromised devices include unofficial Android-based smart TVs and set-top boxes.

SOURCE

You can see on the map who was mostly affected by the attack (file attached or it can be viewed on the source page).
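
An added example, not part of the original post: a defender-side check for the exposed, unauthenticated ADB condition described above. It parses `adb shell getprop` output captured from a device you manage and flags ADB listening over TCP without key authentication. The sample output, the model names, and treating `ro.adb.secure` as the only authentication switch are assumptions made for illustration.

```python
import re

# Constructed sample `adb shell getprop` output from two hypothetical devices.
SAMPLE_TV_BOX = """\
[ro.product.model]: [GenericTVBox]
[ro.adb.secure]: [0]
[ro.debuggable]: [1]
[service.adb.tcp.port]: [5555]
"""
SAMPLE_PHONE = """\
[ro.product.model]: [ExamplePhone]
[ro.adb.secure]: [1]
[ro.debuggable]: [0]
[service.adb.tcp.port]: [-1]
"""

PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props

def adb_tcp_port(props):
    """Return the TCP port adbd is configured to listen on, or None."""
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        value = props.get(key, "")
        if value.isdigit() and int(value) > 0:  # '-1', '0' or empty = disabled
            return int(value)
    return None

def audit(text):
    """Flag the combination the article describes: network ADB without auth."""
    props = parse_getprop(text)
    port = adb_tcp_port(props)
    # Assumption: ro.adb.secure=1 means RSA key authentication is enforced.
    no_auth = props.get("ro.adb.secure") != "1"
    findings = []
    if port is not None:
        findings.append(f"adb listening on TCP port {port}")
    if no_auth:
        findings.append("adb key authentication not enforced")
    if props.get("ro.debuggable") == "1":
        findings.append("debuggable build")
    return {"model": props.get("ro.product.model", "unknown"),
            "exposed_unauthenticated": port is not None and no_auth,
            "findings": findings}
```
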

 


3 Replies
Posts: 11
(@snak30il)
Active Member
Joined: 2 years ago

There was a botnet a few years ago that impacted a lot of businesses, I think it was targeting something with Microsoft but it is slipping my memory. I just remember during this, there was a lot of panic where I work. We managed clients and a lot of systems were down, it was a mess.


1 Reply
(@slippinjimmyx)
Joined: 2 months ago

Active Member
Posts: 3

@snak30il I think I know what you are talking about but the name is not coming to me either. Recently there was something with Verizon but I am not entirely sure if that was an attack or someone within the company messed up.


Posts: 6
(@shawndev90)
Active Member
Joined: 2 months ago

I think it is worth pointing out that the vast majority of these infections are concentrated in Vietnam, Brazil, India, and Saudi Arabia. If you are outside of these locations, you have little concern to worry about but it does help to be aware of the issue in case it spreads.

