{"url":"https://www.wsj.com/tech/kimwolf-hack-residential-proxy-networks-a712ab59","title":"Kimwolf Hackers Breach Rival Botnet's Controls","domain":"wsj.com","imageUrl":"https://images.pexels.com/photos/5380582/pexels-photo-5380582.jpeg?auto=compress&cs=tinysrgb&h=650&w=940","category":"Tech","language":"en","slug":"83113c5f","id":"83113c5f-e2d2-4e74-889d-76129a6c940f","description":"Hackers behind the Kimwolf botnet, infecting over 2 million devices, have secretly accessed the rival Badbox 2.0 botnet's control panel.","summary":"## TL;DR\n- Hackers behind the **Kimwolf** botnet, infecting over **2 million** devices, have secretly accessed the rival **Badbox 2.0** botnet's control panel.\n- Kimwolf spreads by exploiting residential proxy networks to hack into home devices like cheap Android TV boxes.\n- This backdoor access lets them bypass defenses, fueling massive cyber threats from everyday gadgets.\n- Google and the FBI are hunting the operators, exposing links to Chinese tech firms.\n\n## The story at a glance\nOperators of the massive **Kimwolf** botnet have infiltrated **Badbox 2.0**, a China-based network of over **10 million** infected streaming devices, by gaining control panel access. This revelation, reported now amid escalating botnet takedowns, shows how hackers chain one botnet to supercharge another.\n\n## Key moments & milestones\n- **2025**: **Google** sues 25 unidentified defendants over **Badbox 2.0**, a botnet pre-infecting Android streaming boxes for ad fraud.\n- **November 2025**: **Kimwolf** and **Aisuru** botnets unleash a **31.4 Tbps** DDoS attack.\n- **Early 2026**: **Kimwolf** surges to over **2 million** infections, mainly via vulnerable IoT devices like TV boxes.\n- **January 2026**: **Krebs on Security** exposes **Kimwolf**'s local network stalking and names admins **Dort** and **Snow**.\n- **Recent**: Kimwolf operators share a screenshot of a **Badbox 2.0** panel login as user \"**Chen**\" tied to **34557257@qq.com**.\n\n## Signature highlights\n- **Kimwolf** tricks residential proxy services into relaying commands past home firewalls, targeting unsecured IoT devices like Android TV boxes and photo frames.\n- **Badbox 2.0** infects devices pre-sale or via shady app stores, powering ad fraud across **10 million+** units.\n- Email **34557257@qq.com** links to Chinese firms like **Beijing Hong Dake Wang Science & Technology Co Ltd.** and others.\n- Proxy firm **Synthient** warned 11 providers; most fixed vulnerabilities, but **Kimwolf** had this hidden **Badbox** ace.\n\n## Key quotes\n> \"The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0.\"[1]\n\n## Why it matters\nThis botnet-on-botnet hack amplifies risks from cheap gadgets, turning homes into launchpads for DDoS attacks, ad fraud, and spying. It pressures tech giants and law enforcement to dismantle pre-infected supply chains. Watch for DOJ disruptions and proxy network lockdowns to curb the next surge.","hashtags":["#cybersecurity","#botnet","#kimwolf","#badbox","#hacking"],"viewCount":2,"publishedAt":"2026-04-03T20:52:25.786Z"}