Tag: botnet operations
8 articles

TuxBot Evolution Shows AI-Assisted IoT Botnet Development
Researchers just uncovered a cutting-edge IoT botnet framework, TuxBot v3 Evolution, that leverages AI to streamline its development - but surprisingly, the AI also slipped in a crucial safety disclaimer that was left intact. This innovative framework combines old-school botnet tactics with modern tools, making it a potent threat.

Malicious 7-Zip Installers Fuel Residential Proxy Botnet
A shocking 773,087 unique IP addresses linked to SmartProxy were found in a public IP dataset, hinting at a massive residential proxy botnet. This staggering overlap raises serious concerns about the scope of a malicious operation dubbed Lurking Lizard.

NetNut Exposed in Massive Popa Botnet Operation
Meet Popa, a sneaky Android-based plugin that's been secretly infiltrating over 1.4 million internet addresses via unofficial streaming apps and set-top devices, researchers have uncovered. This stealthy operation is linked to the notorious Vo1d botnet family, which has been targeting vulnerable Android TV boxes.
Canada Arrests Kimwolf DDoS Botnet Operator in US-Led Crackdown
In a major cybercrime crackdown, a 23-year-old Canadian man, Jacob Butler, has been arrested and charged with operating the notorious Kimwolf DDoS botnet, which targeted vulnerable devices like digital photo frames and web cameras. If convicted, Butler faces up to 10 years in prison for aiding and abetting computer intrusion.

Botmaster 'Dort' Arrested in Canada, Charged in US Over Kimwolf Botnet
A 23-year-old Canadian man, known online as "Dort," has been arrested and charged for masterminding the massive Kimwolf botnet, which was linked to record-breaking DDoS attacks of nearly 30 Terabits per second. The suspect, Jacob Butler, is now in custody awaiting an initial court hearing.

Mirai-Based xlabs_v1 Botnet Exploits ADB for IoT Hijacking
Meet xlabs_v1, a powerful botnet derived from Mirai that's hijacking IoT devices by exploiting exposed Android Debug Bridge (ADB) services on TCP port 5555. This sneaky malware infects devices like Android TV boxes and smart TVs, and can even measure a device's bandwidth to sell it on the black market.

Mirai Campaign Exploits RCE Flaw in Obsolete D-Link Routers
In early March 2026, Akamai's Security Incident Response Team detected a Mirai botnet campaign exploiting a critical vulnerability, CVE-2025-29635, in outdated D-Link routers, enlisting vulnerable devices into a botnet through automated attacks. This flaw in D-Link DIR-823X series routers puts countless devices at risk of being hijacked.

PowMix Botnet Targets Czech Workers with Randomized C2 Traffic
Cybersecurity researchers have uncovered a sneaky new botnet, dubbed PowMix, that's targeting Czech workers with a clever tactic: hiding in the timing of its command-and-control traffic. This stealthy approach has left experts scrambling to respond to the active campaign, which has been observed since December 2025.