Who Operates the Badbox 2.0 Botnet?

Who Operates the Badbox 2.0 Botnet? Krebs on Security krebsonsecurity.com/2026/01/w… The operators of Kimwolf, a disruptive botnet that has infected more than two million devices, recently shared a screenshot suggesting they had compromised the control panel of Badbox 2.0. Badbox 2.0 is a large China-based botnet powered by malicious software pre-installed on many Android TV streaming boxes. Both the FBI and Google have confirmed they are actively pursuing those responsible. Due to public boasting by the Kimwolf operators, additional insight into the actors behind Badbox 2.0 has now emerged. An earlier 2026 report, The Kimwolf Botnet Is Stalking Your Local Network, detailed the highly invasive propagation techniques used by Kimwolf. That analysis highlighted that the majority of infected systems were unofficial Android TV devices, commonly marketed as one-time-purchase platforms for accessing pirated movie and television streaming services. A subsequent report published on Jan. 8, Who Benefitted from the Aisuru and Kimwolf Botnets?, cited multiple sources identifying the current Kimwolf administrators by the online aliases “Dort” and “Snow.” More recently, a former close associate of these individuals provided a screenshot allegedly captured by the Kimwolf operators while logged into the Badbox 2.0 botnet control panel.