Links
The Kimwolf botnet, known for infecting over 2 million devices, has reportedly gained unauthorized access to the control panel of Badbox 2.0, a major botnet linked to advertising fraud. This access allows Kimwolf to deploy its malware on devices connected to Badbox 2.0, raising concerns about the spread of malicious software.
The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting streaming boxes to turn them into residential proxies. Recent reports detail its expansion and connection to a network of compromised routers, which allows threat actors to conduct DDoS attacks and sell proxy services. Cybersecurity firms have identified significant increases in bot activity and vulnerabilities in residential proxy networks.
The Kimwolf botnet has infected over 2 million devices by exploiting vulnerabilities in residential proxy networks. It spreads through compromised Android TV boxes and digital photo frames, allowing attackers to relay malicious traffic and launch DDoS attacks. Security experts warn that the risk from unsecured proxy networks is escalating.
Researchers revealed a nine-month campaign exploiting the React2Shell vulnerability to build the RondoDox botnet. The botnet scans for vulnerable devices and installs various malware, including cryptocurrency miners and a Mirai variant. Organizations are urged to update software and implement security measures to defend against these attacks.
GoBruteforcer is a botnet attacking cryptocurrency databases to brute-force user passwords for various services. Its operators exploit weak credentials and misconfigured servers to expand their control, utilizing a mix of common usernames and a persistent malware infrastructure. Recent activities also show attempts to identify blockchain accounts with funds.
The article details how an SSH LLM honeypot successfully lured a threat actor who downloaded exploits and attempted to connect a server to a botnet. By analyzing the threat actor’s actions and the scripts used, the author gained insights into the command and control infrastructure they employed. The findings led to actions against the associated IRC channels.
The Kimwolf botnet has infected at least 1.8 million devices, primarily targeting Android-based TVs and set-top boxes. It has demonstrated advanced DDoS capabilities and is linked to the AISURU botnet, suggesting that the same hacker group may be behind both. Recent tactics include using Ethereum Name Service for resilience against takedowns.
A new botnet named Androxgh0st is expanding its operations by exploiting vulnerabilities in university servers in the United States. The botnet is capable of executing various malicious activities, raising concerns about its potential impact on educational institutions and cybersecurity.
A new strain of malware named "Gayfemboy," based on the Mirai botnet, has been identified targeting vulnerabilities in devices from various vendors including DrayTek and TP-Link. The malware has shown evolved techniques for obfuscation, self-protection, and remote control, enabling attackers to gain control over infected systems and conduct DDoS attacks across multiple sectors worldwide.
Operation Moonlander has successfully dismantled a significant botnet responsible for the cybercriminal services AnyProxy and 5Socks. This operation highlights the ongoing efforts to combat malware and cybercrime on a global scale, emphasizing the need for continuous vigilance and collaboration among cybersecurity entities.