Bigpanzi: The Cybercrime Syndicate Behind Million-device Botnets
With the rapid proliferation of internet-connected devices, cybercrime groups have expanded their reach to increasingly diverse targets. While IoT-based botnets are common, large-scale infections of set-top boxes (STBs) and TVs remain rare, especially at the scale of millions of devices. Enter Bigpanzi, a notable exception in this landscape. This group operates multiple million-scale botnets, including Pandoraspear and Pandorapcdn, and is closely linked to the recently uncovered v01d botnet, which has infected nearly 1.6 million devices across 220 countries worldwide. Their operations encompass traffic proxy services, DDoS attacks, and OTT content delivery, showcasing their persistence and profitability.
Bigpanzi stands apart for three key reasons:
1. Long-term activity: Evidence traces its operations back to 2015.
2. Massive scale: Sinkhole analysis reveals over one million daily active nodes.
3. Unique targets: Focused infections on Android-based TVs, eCos-based STBs and satellite receivers.