‘Kimwolf’ Android Botnet Ensnares 1.8 Million Devices

Linked to the Aisuru IoT botnet, Kimwolf was seen launching over 1.7 billion DDoS attack commands and increasing its C&C domain’s popularity.

A newly identified Android botnet has infected over 1.8 million devices and can launch massive distributed denial-of-service (DDoS) attacks, Chinese cybersecurity firm XLab warns.

Dubbed Kimwolf, the botnet has proxy forwarding, reverse shell, and file management capabilities.

The threat appears linked to Aisuru, the TurboMirai-class IoT botnet recently blamed for a record-breaking 29.7 Tbps DDoS attack.

Kimwolf, XLab says, is mainly focused on traffic proxying, but was observed issuing over 1.7 billion DDoS attack commands between November 19 and 22.

This pushed its command-and-control (C&C) domain, 14emeliaterracewestroxburyma02132[.]su, to the top position in Cloudflare’s global domain popularity rankings, surpassing google.com.

The malware, the cybersecurity firm says, relies on the DNS over TLS (DoT) protocol to encapsulate DNS requests and evade detection ...