APT / THREAT GROUP

Kimwolf

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

KIMWOLF is an android based malware which uses compromised systems to relay malicious and abusive Internet traffic, as well as participating in distributed denial-of-service (DDoS). KIMWOLF primarily infects unofficial Android-TV set-top boxes and digital photo frames. The malware has frequently been noted to achieve infection spread via abusing Android Debug Bridge (ADB) and residential proxies. There are multiple reports suggesting a connection to the Aisuru botnet, with Kimwolf acting as the Android variant.

Threat Analysis

Kimwolf is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning Kimwolf

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

Kimwolfapk.kimwolf

External Intelligence

Malpedia: apk.kimwolf

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Kimwolf — APT / Threat Group | Threat Intelligence | CTIWATCH.COM