krebsonsecurity.com 1/27/2026, 12:50:51 AM · via preferred

Who Operates the Badbox 2.0 Botnet?

KrebsOnSecurity reports that the cybercriminals behind Kimwolf, a disruptive botnet that has infected more than 2 million devices, recently shared a screenshot suggesting they had compromised the control panel for Badbox 2.0, a vast China-based botnet that comes pre-installed on many Android TV streaming boxes.

The piece notes that Badbox 2.0 has been tied to a long-running operation, with Google filing a John Doe lawsuit in July 2025 against 25 defendants alleged to run the botnet, said to involve over ten million unsanctioned Android devices. It also reveals that seven authorised users appear in the Badbox 2.0 panel, including an account named ABCD believed by a source to belong to Dort, who allegedly added their email to the control panel.

Google and the FBI both say they are hunting for the people behind Badbox 2.0, and the article adds that Dort’s unauthorized access could give the Kimwolf operators a way to load malware directly onto affected TVs. The report, published on 26 January 2026, also traces aliases and email addresses linked to Chen Daihai and Zhu Zhiyu, and maps connections to related domains and entities in China.


Article by CyberSIXT
