
Kimwolf botnet thriving in cheap Chinese Android TV devices

About two years ago, LTT published "Stop Buying ANDROID TV Boxes", which talked about how these devices ship with malware and are in general a security nightmare. Well, here we are two years later and Brian Krebs is gnawing on a truly horrific security story that is the direct descendant of that video.

 

Now we get this, from Krebs on Security: The Kimwolf Botnet is Stalking Your Local Network

 


Quote

The past few months have witnessed the explosive growth of a new botnet dubbed Kimwolf, which experts say has infected more than 2 million devices globally. The Kimwolf malware forces compromised systems to relay malicious and abusive Internet traffic — such as ad fraud, account takeover attempts and mass content scraping — and participate in crippling distributed denial-of-service (DDoS) attacks capable of knocking nearly any website offline for days at a time.

More important than Kimwolf’s staggering size, however, is the diabolical method it uses to spread so quickly: By effectively tunneling back through various “residential proxy” networks and into the local networks of the proxy endpoints, and by further infecting devices that are hidden behind the assumed protection of the user’s firewall and Internet router.

The botnet thrives on the same cheap Android TV boxes Linus talked about in the video, but also in digital picture frames and other sketchy, Chinese-manufactured Android-powered devices. In addition to creating residential proxy networks that allow Kimwolf to spread behind our homes' firewalls, these devices often ship with Android Debug Bridge (ADB) enabled by default, which allows post-purchase firmware updates and many other shenanigans.

 

Follow-up video idea for LTT - get Benjamin Brundage, the 22-year-old RIT undergrad and security firm founder whose Kimwolf research blew this story wide open, in a video to talk about what he's found and how dangerous this botnet is. I think he and Krebs are onto something that could blow up even more than it already has.


Glad I avoid sketchy Chinese products and only purchase non-sketchy Chinese products. 

 

That's horrifying information, I had briefly seen that LTT video but hadn't gone deep enough to learn the full extent of the malware/botnet issue. 

Quote or tag me (@Crunchy Dragon) if you want me to see your reply


21 minutes ago, Crunchy Dragon said:

Glad I avoid sketchy Chinese products and only purchase non-sketchy Chinese products. 

Back when pirated CDRs of Windows were a thing on every major Chinese city street corner, they usually contained malware for domestic use.

 

I suspect that's true for much of this cheap crap too.

 

The amount of malicious traffic traversing through internal Chinese networks must be atrocious!
