The Black Lotus Labs team at Lumen Technologies has taken significant action against the AISURU and Kimwolf botnets by null-routing over 550 command-and-control (C2) servers since early October 2025. These botnets have gained notoriety for their ability to commandeer devices and use them in distributed denial-of-service (DDoS) attacks. By cutting off access to these C2 nodes, researchers aim to disrupt the operations of these botnets, which primarily target Android devices. This move is crucial as it not only protects potential victims from being exploited but also highlights the ongoing battle against cybercriminals who leverage such networks for malicious activities. The impact of these botnets underscores the need for continued vigilance in cybersecurity practices, especially for users of vulnerable devices.
Articles tagged "Android"
Found 15 articles
SecurityWeek
A serious vulnerability in Dolby's software for Android devices has been identified, tracked as CVE-2025-54957. Discovered by Google researchers in October 2025, this flaw could potentially allow attackers to exploit the Dolby audio processing capabilities on affected devices. Users of Android devices utilizing Dolby technology should be particularly cautious, as the vulnerability poses risks to their audio functionality and overall device security. Immediate action is recommended to ensure that devices are updated to the latest software versions that include the necessary patches to fix this issue. This discovery emphasizes the need for regular updates and vigilance among users and security teams alike.
The Kimwolf Android botnet has expanded significantly, now comprising around 2 million devices. This botnet primarily targets residential proxy networks, allowing its operators to profit through various means, including launching Distributed Denial of Service (DDoS) attacks, installing applications without user consent, and selling proxy bandwidth. The growth of this botnet poses serious risks to users, as it can lead to unauthorized use of their devices and potential data breaches. It also raises concerns for internet service providers and businesses that may be targeted by DDoS attacks. The situation highlights the ongoing challenges in securing IoT devices and the need for users to be vigilant about their device security.
The Kimwolf Android botnet has been discovered infecting over 1.8 million devices, according to security researchers at XLab. This botnet, which is linked to the previously identified Aisuru botnet, has been responsible for sending more than 1.7 billion commands for Distributed Denial of Service (DDoS) attacks. The scale of these attacks is significant, raising concerns about the potential for disruption to various online services. The fact that millions of devices are compromised highlights the ongoing vulnerability of Android systems to malware. Users should be cautious and consider securing their devices to prevent further infections and attacks.
A new botnet named Kimwolf has compromised around 1.8 million Android-based devices, including TVs, set-top boxes, and tablets. Researchers from QiAnXin XLab report that this botnet may be linked to another one known as AISURU. Kimwolf is built using the Native Development Kit (NDK), which allows attackers to control these devices and use them for large-scale distributed denial-of-service (DDoS) attacks. This incident raises concerns about the security of smart devices, as many consumers may not realize their equipment can be hijacked in this way. Users of affected devices should be vigilant and consider measures to secure their systems against such threats.
Security Affairs
The latest Security Affairs Malware Newsletter highlights several significant malware developments affecting multiple countries. Notably, the UDPGangster campaigns are targeting various regions, posing risks to users and organizations. Researchers also discuss ransomware trends related to the Bank Secrecy Act, shedding light on how financial institutions might be affected between 2022 and 2024. Additionally, the return of the ClayRat malware introduces expanded features and techniques that could complicate detection and mitigation efforts. Another concerning finding is the SEEDSNATCHER, an Android malware that targets crypto wallets, raising alarms for cryptocurrency users. These incidents highlight the evolving tactics employed by cybercriminals and the need for heightened security measures.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Researchers at Zimperium zLabs have discovered a new Android malware called DroidLock, which behaves like ransomware. This malicious software can lock users out of their devices and steal sensitive information by tricking them into providing their credentials through phishing tactics. Additionally, DroidLock has the capability to stream users' screens and activate their front cameras through VNC, raising serious privacy concerns. This malware primarily targets Android users, making it essential for them to remain vigilant about their device security and be cautious of suspicious links or applications. The emergence of DroidLock emphasizes the ongoing risks associated with mobile malware and the need for users to adopt strong security practices.
Infosecurity Magazine
The article discusses a new version of ClayRat Android spyware that has enhanced surveillance and device-control capabilities, indicating an increase in the potential for unauthorized access to personal data. This development poses a significant risk to Android users, as the spyware may be used for malicious purposes such as spying and data theft.
The Hacker News
GoldFactory, a financially motivated cybercriminal group, has launched new attacks targeting mobile users in Southeast Asia, specifically Indonesia, Thailand, and Vietnam. They are distributing modified banking applications that serve as conduits for Android malware, leading to over 11,000 infections since October 2024, posing significant risks to users' financial security.
Help Net Security
CVE-2025-48633Google has addressed 51 vulnerabilities in Android, including two high-severity flaws (CVE-2025-48633 and CVE-2025-48572) that are potentially under targeted exploitation. Both vulnerabilities impact the Android Framework, which is essential for app development, and could allow malicious applications to access sensitive information.
Albiriox is a new banking trojan developed by Russian cybercriminals, marketed through a malware-as-a-service model for a monthly fee. This malware poses a significant threat to Android users by targeting banking information and financial transactions, highlighting the ongoing risks associated with mobile malware.
CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.
Google has updated its Quick Share service to enable compatibility with Apple's AirDrop, facilitating easier file sharing between Android and iPhone devices. This feature is currently available for the Pixel 10 lineup and is expected to expand to other devices in the future.
The newly identified Sturnus Banking Trojan is currently under development and primarily targets messaging applications like WhatsApp, Telegram, and Signal, with a focus on users in Europe. This poses a significant risk to user privacy and security as it aims to exploit sensitive communications.
The Sturnus Android banking trojan poses a significant threat by enabling credential theft and complete device takeover for financial fraud. Its unique capability to bypass encrypted messaging by capturing decrypted content directly from the device screen raises serious concerns about user privacy and security.