{"id":227356,"date":"2025-12-18T01:17:42","date_gmt":"2025-12-18T07:17:42","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/12\/kimwolf-botnet-hijacks-1-8-million-android-tvs-launches-large-scale-ddos-attacks"},"modified":"2025-12-18T01:17:42","modified_gmt":"2025-12-18T07:17:42","slug":"kimwolf-botnet-hijacks-1-8-million-android-tvs-launches-large-scale-ddos-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/12\/kimwolf-botnet-hijacks-1-8-million-android-tvs-launches-large-scale-ddos-attacks","title":{"rendered":"Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks"},"content":{"rendered":"

<\/a><\/p>\n

A new distributed denial-of-service (DDoS) botnet known as Kimwolf<\/strong> has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU<\/a>, according to findings from QiAnXin XLab.<\/p>\n

\u201cKimwolf is a botnet compiled using the NDK<\/a> [Native Development Kit],\u201d the company said<\/a> in a report published today. \u201cIn addition to typical DDoS attack capabilities, it integrates proxy forwarding, reverse shell, and file management functions.\u201d<\/p>\n

The hyper-scale botnet is estimated to have issued 1.7 billion DDoS attack commands within a three-day period between November 19 and 22, 2025, around the same time one of its command-and-control (C2) domains \u2013 14emeliaterracewestroxburyma02132[.]su \u2013 came first<\/a> in Cloudflare\u2019s list of top 100 domains, briefly even surpassing Google.<\/p>\n","protected":false},"excerpt":{"rendered":"

A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab. \u201cKimwolf is a botnet compiled using the NDK [Native Development [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1512],"tags":[],"class_list":["post-227356","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-mobile-phones"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/227356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=227356"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/227356\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=227356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=227356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=227356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}