Like seriously, many of them are sold for stupid cheap prices like $5/ea. Or advertise unlimited movies/shows/etc for similarly unbelievable prices.
Putting aside the copyright infringement aspect of it, to me it's extremely obvious "wait... _why_ am I paying so little here?".
No, it's not because movies and shows are 99.9999% profit (spoiler: they aren't), it's because you're _paying_ to install a backdoor that will rip and tear everything on your network it can.
You like having a credit card? That's precious, it's mine now.
Look at me, I'm the network now.
I'm confused. I intentionally use ADB over the network sometimes, and I have to explicitly interactively allow each adb client by its key. Are they shipping boxes with adb configured to just allow any connection without any verification?
It must be crowded on these devices by now - it may be a bit misleading to think of it as a single botnet when there are multiple unrelated entities controlling the same devices via the same methods.
https://blog.xlab.qianxin.com/kimwolf-botnet-en/#network-pro...
That article has a more technical lens. It focuses primarily on the size and detection evasion methods of Kimwolf, rather than some notable (and definitely not unique) method of spreading.
Without looking too deeply, I'm going to assume that this is a successful botnet because it managed to get into product supply lines at big box stores and in app store games, rather than some clever virus that is spreading across the world.
I hope someone will correct me if I am mistaken!
Oh no, let me get my tiny violin! Really hard to feel bad here. For most home users (that don’t expose anything sensitive on their LAN) these boxes are not a threat, seem to be doing a useful service in providing a superior streaming service than the balkanized official ones, and also shit on internet spammers/advertisers and free up loginwalled content - sounds like a pretty good box really.