
The Kimwolf Botnet is Stalking Your Local Network

ID: 71f72433-2b8d-5db6-997d-b37c455f3592

STIX ID: report--71f72433-2b8d-5db6-997d-b37c455f3592

Feed Name: Krebs on Security

Threat Score: 85/100

Date Published: 2026-01-02

Date Updated: 2026-04-19

Author: BrianKrebs


This report describes the Kimwolf botnet, an active, large-scale Android-based malware campaign that has infected ~2 million devices (mainly unofficial Android TV boxes and digital photo frames) by abusing residential proxy services and device misconfigurations. Kimwolf turns compromised devices into proxy nodes for DDoS, ad fraud and account takeover. It tunnels into victims' local networks by resolving domains to RFC 1918 addresses and exploiting devices with Android Debug Bridge (ADB) enabled, and it has been observed rebuilding rapidly after takedowns. The article includes affected provider details, device and product lists, and mitigation advice.
