The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting streaming boxes to turn them into residential proxies. Recent reports detail its expansion and connection to a network of compromised routers, which allows threat actors to conduct DDoS attacks and sell proxy services. Cybersecurity firms have identified significant increases in bot activity and vulnerabilities in residential proxy networks.

The Kimwolf botnet has infected at least 1.8 million devices, primarily targeting Android-based TVs and set-top boxes. It has demonstrated advanced DDoS capabilities and is linked to the AISURU botnet, suggesting that the same hacker group may be behind both. Recent tactics include using Ethereum Name Service for resilience against takedowns.