When Botnets Fight Botnets: Kimwolf vs. Badbox 2.0

Published on January 26, 2026 at 3:28 PM

Introduction:
Cyber researchers have just uncovered a major development in the world of botnets. The Kimwolf botnet, already known for infecting millions of devices, appears to have gained access to the control panel of Badbox 2.0, one of the largest China-based botnets hidden inside Android TV boxes. This discovery shows cybercriminals targeting other cybercriminals, and it shows why everyday devices might be caught in the crossfire.

The Players:

  • Badbox 2.0: Cyber research reveals this botnet is pre-installed on millions of inexpensive Android TV boxes, quietly enlisting those devices for advertising fraud and malware distribution.

  • Kimwolf: Our investigation confirms Kimwolf spreads through home networks by exploiting residential proxies, targeting devices like TVs, digital photo frames, and other IoT gadgets.

The Breach:
Cyber researchers have identified evidence that Kimwolf operators now have access to Badbox 2.0’s control panel. This access allows them to install their malware directly onto millions of devices already controlled by Badbox, bypassing traditional attack methods. In essence: one botnet is now controlling another.

Who’s Behind Badbox 2.0?
Our research traced email addresses, domain registrations, and company websites back to two Chinese tech figures: Chen Daihai and Zhu Zhiyu. They appear connected to multiple companies and domains involved in Badbox operations, suggesting a highly organized and long-running cybercriminal network.

Why This Matters:

  • Traditional patches and proxy protections cannot stop Kimwolf if it leverages Badbox devices.

  • Millions of consumers may unknowingly have compromised devices in their homes.

  • Law enforcement and Google are investigating, but the scale of Badbox makes it difficult to fully contain.

Takeaway:
This discovery shows cybercriminals are evolving, turning their tools on each other. For everyday users, the warning is clear: be cautious with inexpensive smart devices and always question what comes pre-installed. For cybersecurity researchers, this is a reminder that botnets are becoming highly interconnected, strategic tools.

Conclusion:
The latest findings on Kimwolf and Badbox 2.0 illustrate the next stage of cybercrime: malware operating not just against users, but as part of a larger criminal ecosystem. Devices in your home could be caught in the middle — and this story is just the beginning.

This site monitors cybersecurity incidents and breaks them down in plain language so individuals and businesses can protect themselves before damage occurs.
