Kimwolf Botmasters Breach Badbox 2.0 Control Panel, Exposing Operators of Massive Android TV Botnet

The cybercriminals controlling the Kimwolf botnet, which has infected over 2 million devices, recently shared a screenshot indicating they had compromised the control panel for Badbox 2.0. Badbox 2.0 is a vast China-based botnet powered by malicious software pre-installed on many Android TV streaming boxes. Both the FBI and Google are actively hunting for the people behind Badbox 2.0. The bragging by the Kimwolf botmasters now provides a clearer picture of the operators. A previous report detailed that the vast majority of Kimwolf-infected systems were unofficial Android TV boxes marketed for accessing pirated streaming content. Sources indicated the current Kimwolf administrators use the nicknames 'Dort' and 'Snow'. A former associate of Dort and Snow shared a screenshot allegedly taken by the Kimwolf botmasters while logged into the Badbox 2.0 botnet control panel. The screenshot shows seven authorized users of the panel. One account, 'ABCD', stands out as it does not match the others and is the account shown as logged in. This breach of the rival botnet's infrastructure provides critical intelligence on the operators of the widespread Badbox 2.0 network, which leverages compromised consumer hardware.