Kimwolf Android Botnet Infects Over 2 Million Devices
🛡️ Synthient reports the Kimwolf Android botnet has compromised more than two million devices by tunneling through residential proxy networks and embedded SDKs. The campaign, active since August 2025 and linked to AISURU by QiAnXin XLab, exploits exposed Android Debug Bridge (ADB) services—67% of infected devices had unauthenticated ADB enabled. Operators monetize infections via app installs, selling residential proxy bandwidth and DDoS services; the main payload listens on port 40860 and connects to 85.234.91[.]247:1337 for commands.
