Kimwolf Botnet Turns Millions of Devices into Proxies

Over two million devices worldwide have been covertly infected by a dangerous new malware strain known as Kimwolf, which forces them to function as unauthorized proxy servers without their owners’ knowledge.

The botnet has expanded at a startling rate and is currently being used to launch potent cyberattacks, commit online fraud, and steal data from millions of people.

In late 2025, security researchers noticed this concerning trend and uncovered a powerful attack technique that takes advantage of a weakness in the way well-known proxy networks safeguard their systems.

The infection targets inexpensive Android TV boxes and digital photo frames that are sold online; many of these products come from companies that ship them with risky security settings already enabled.

In October 2025, while preparing for final examinations at Rochester Institute of Technology, Benjamin Brundage, a 22-year-old cybersecurity researcher and creator of Synthient, started looking into Kimwolf.

His investigation revealed a concerning trend: the malware was proliferating due to a flaw in the way the biggest home proxy providers in the world operate.

Brundage found that by altering DNS settings, attackers can get around security measures and use compromised proxy devices to access private home networks.

He discovered that IPIDEA, the largest proxy network, had a significant security flaw that allowed hackers to tunnel into people’s home networks and infect linked devices with malware without the need for authentication.
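
As a defensive illustration of the DNS issue described above (an added example, not code from the article, Synthient, or any proxy provider): a proxy exit node should filter destinations by the address a name resolves to, not by the hostname, so a DNS record pointing at a LAN address is refused. The article does not detail how the bypass worked; the function names, the resolver callback and the sample DNS records below are constructed for this sketch.

```python
import ipaddress
from typing import Callable, Iterable, List

# Carrier-grade NAT space; not covered by ipaddress.is_private.
_CGNAT = ipaddress.ip_network("100.64.0.0/10")


def is_internal(addr: str) -> bool:
    """True if addr is anything other than a routable public address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped literal cannot dodge the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_unspecified or ip.is_reserved
        or (ip.version == 4 and ip in _CGNAT)
    )


def allowed_targets(host: str,
                    resolve: Callable[[str], Iterable[str]]) -> List[str]:
    """Return the addresses the relay may connect to, or [] to refuse.

    The caller must connect to one of the returned addresses directly and
    must not resolve the name a second time, otherwise the answer could
    change between the check and the connection.
    """
    try:
        candidates = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        candidates = list(resolve(host))                # host is a DNS name
    # Refuse if resolution failed or if ANY record points inside a network.
    if not candidates or any(is_internal(a) for a in candidates):
        return []
    return candidates


# Constructed DNS answers standing in for a real resolver (assumption).
SAMPLE_DNS = {
    "news.example": ["93.184.216.34"],
    "lan-pointer.example": ["192.168.0.1"],
    "mixed-records.example": ["93.184.216.34", "10.0.0.5"],
    "zero.example": ["0.0.0.0"],
}


def sample_resolve(host: str) -> List[str]:
    return SAMPLE_DNS.get(host, [])
```

A hostname blocklist would pass all four sample names; only the check on resolved addresses separates the public destination from the three that lead into a private network.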

Brian Krebs, a researcher and analyst at KrebsOnSecurity, highlighted Brundage’s important discoveries after the researcher informed several proxy providers of the vulnerability.