NetNut Proxy Botnet Disrupted: Google, FBI Take Action
Summary
Authorities have taken action against the NetNut residential proxy network, also known as Popa. Google, working with the FBI and others, disrupted the network, which is estimated to include at least two million devices globally. Google disabled accounts and services NetNut used for malware command-and-control. They also updated Google Play Protect and disabled applications incorporating NetNut SDKs. NetNut populates its botnet by distributing SDKs for home devices like smart TVs and streaming boxes. This allows bad actors to route traffic through these devices, masking malicious activity. Devices can be pre-installed with malware or users unknowingly download apps with hidden proxy code. What's interesting is that this disruption builds on a previous takedown of IPIDEA in January 2026. The bottom line is that ordinary devices are being exploited, highlighting a consistent vulnerability when trust is placed too early in the chain.
This is an AI-generated audio summary. Always check the original source for complete reporting.