Kimwolf

KIMWOLF is an android based malware which uses compromised systems to relay malicious and abusive Internet traffic, as well as participating in distributed denial-of-service (DDoS). KIMWOLF primarily infects unofficial Android-TV set-top boxes and digital photo frames. The malware has frequently been noted to achieve infection spread via abusing Android Debug Bridge (ADB) and residential proxies. There are multiple reports suggesting a connection to the Aisuru botnet, with Kimwolf acting as the Android variant.

Last 7 days

Mar 20, 2026

C2 Hosts: 3

Daily C2 host counts for the last 7 days
Date	C2 Hosts
Mar 20, 2026	3

Further Reading

The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security

krebsonsecurity.com

Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security

krebsonsecurity.com

Who Operates the Badbox 2.0 Botnet? – Krebs on Security

krebsonsecurity.com

A Broken System Fueling Botnets

Synthient continues to track the Kimwolf DDoS and proxy botnet with this report, delivering significant findings on the inner workings, infection chain, and reliance on the residential proxy ecosys...

Kimwolf Botnet Risks for Enterprises and Institutions

Lessons from Kimwolf: The DDOS operator abusing residential proxies to spread malware scanned nearly 25% of our cloud customers for vulnerable devices.

Kimwolf Android Botnet Grows Through Residential Proxy Networks

The 2-million-device-strong botnet allows monetization through DDoS attacks, app installs, and the selling of proxy bandwidth.

securityweek.com