Law enforcememtn operation disrupted Malicious Residential Proxy Networks NetNut


Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut

Pierluigi Paganini
July 03, 2026

Google disrupted NetNut, a major proxy network that routed internet traffic through compromised home devices used by cybercriminals.

Google has disrupted NetNut, one of the world’s largest residential proxy networks. The service routed internet traffic through home devices, allowing customers to hide their real location and identity.

“Today, in coordination with the FBI, Lumen, and others, Google took action against the NetNut residential proxy network, also known as Popa.” reads the Google’s announcment. “This action builds on our disruption of the IPIDEA proxy network that took place in January 2026, and is a continuation of Google’s objective to dismantle malicious residential proxy networks.”

While proxy services have legitimate uses, networks like NetNut are also widely abused by cybercriminals for fraud, account takeovers, web scraping, and other malicious activities.

NetNut is composed of approximately 2 million compromised home devices. It turns smart TVs, streaming boxes, and other consumer devices into proxy nodes, allowing cybercriminals and espionage groups to hide their identity. Owners often have no idea their devices are being misused, exposing their home networks to additional threats while their internet connections can be abused for hacking, password spraying, fraud, and DDoS attacks.

“In a single week during June 2026, GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes, including cybercriminal and espionage groups. These bad actors can use NetNut to mask their origin IP address when accessing victim environments, accessing their own infrastructure, and conducting password spray attacks.” states the announcement. “Furthermore, when a consumer device becomes an exit node, unauthorized network traffic passes through it.”

Google warns users to avoid apps that promise money for sharing “unused bandwidth” or internet access, as they are often used to build malicious proxy networks. Download apps only from trusted stores, review VPN and proxy permissions, and keep security features like Google Play Protect enabled. When buying connected devices such as TV boxes, choose reputable brands and verify they are Play Protect certified to reduce the risk of compromise.

“While point-in-time disruptions are a critical tool to protect our users, continued and coordinated effort is needed to reduce malicious proxy networks in the long run.” concludes the announcement. “We encourage mobile platforms, ISPs, and other tech platforms to continue sharing intelligence and to take direct action to block malicious C2 infrastructure.”

Cybersecurity firms involved in the investigation linked NetNut to Alarum Technologies, although the company denies operating a botnet and says users consent to bandwidth sharing. Researchers dispute that claim, reporting no clear user consent in tested apps. Google’s disruption has weakened NetNut by removing millions of compromised devices, but warns the threat remains because many proxy providers resell the same infrastructure. Experts believe the takedown will significantly disrupt cybercriminals while also reducing abuse tied to large DDoS botnets.

“Alarum takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated and those responsible are held to account,” Omer Weiss, legal counsel for NetNut parent Alarum Technologies, said in a written statement, as reported by KrebsOnSecurity.

Synthient founder Benjamin Brundage recently reported he believes the operation is a major setback for cybercriminals, especially after Google’s earlier action against IPIDEA, NetNut’s main competitor, significantly weakened another key source of residential proxy infrastructure.

“As KrebsOnSecurity has warned repeatedly, most of the no-name TV streaming boxes for sale on the major e-commerce websites either come pre-installed with residential proxy software, or require the installation of proxy SDKs in order to use the device for its stated purpose (streaming pirated movies, sporting events and TV shows).” concludes KrebsOnSecurity. “Google’s advice here is sound: When it comes to TV boxes, stick to name brands from reputable manufacturers, and then be sparing and judicious with any apps you choose to install.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, botnet)







Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


One of the worst things about the explosion of AI tools is how much more advanced scam calls have become. It’s now entirely possible to get fake calls with voices that sound exactly like people you know. The June Android drop is here to address this (and add some other goodies).

Fake Call Detection

When scammers impersonate your contacts

1. Call spoofing diagram Credit: Google

The aforementioned voice duping is only one part of the scamming process. If the call comes from an unknown number, you’re far more likely to ignore it. That’s why scammers can also make their calls appear to be coming from numbers you trust.

Fake Call Detection is a new feature in the Phone by Google app that pops up an alert when a caller is suspected of impersonating your contacts. The alert says, “This may not be [Name]” and gives you the option to immediately hang up.

Google Photos is your new wardrobe

Digitally store and try on clothes

You may not know it, but there’s an entire category of apps dedicated to allowing people to catalog their wardrobes. Now, Google Photos is hoping to get in on it with a new “Wardrobe” collection.

First, you snap photos of your clothes and let Google Photos neatly put them on a white background. From there, everything can be categorized by item. You can then tap “Create” and put outfits together, which you can digitally try on. It’s a pretty cool feature that many apps charge a fee for.


Personal safety features expand to kids

13 and under

Google is making the Personal Safety app for Pixel phones available to kids under 13. Features include the ability to display medical information, setting emergency contacts on the lock screen, and car crash detection. In addition, kids over 13 can now use Safety Check and real-time sharing with emergency contacts.

“Catch me up” in Google Play Books

Recaps of what you’ve read

Remember Google Play Books? The company’s often overlooked eBook platform is getting a new feature to help you catch up when you haven’t read a book in a while. It works pretty much how you’d expect—AI summarizes what’s happened up until your current position in the book. It’s also possible to highlight text and ask questions about what you’re reading. These features are part of the new “Book Insights” button.

Quick Share 🤝 AirDrop

Now works with more devices

Last year, Google announced that the Pixel 10 series could share content with Apple’s AirDrop through Quick Share. Since then, it has very slowly expanded the functionality to more phones. Now, once again, the company is announcing even more devices.

The previous list was the Pixel 10 series, Galaxy S26 series, Oppo Find X9 series, Find N6, and Vivo X300 Ultra. New entries include the Galaxy S25 series, S24 series, Z Flip 7, Z Fold 7, Z Flip 6, Z Fold 6, Z TriFold, OPPO Find X8 series, OnePlus 15, HONOR Magic V6, and Magic8 Pro.

Keep your eyes peeled for these features to be rolling out to Android devices and the accompanying apps over the next few days and weeks.

Source: Google



Source link