Jul 3
FBI Dismantles NetNut Proxy Network Linked to Massive Popa Botnet
The FBI has seized hundreds of domains tied to NetNut, a residential proxy service run by Alarum Technologies, after investigators and independent researchers — including journalist Brian Krebs — connected the company’s infrastructure to the sprawling Popa botnet.
The botnet, built on more than two million compromised smart TVs and streaming devices, was used to relay abusive traffic ranging from credential‑stuffing attacks to large‑scale scraping and advertising fraud.
NetNut’s homepage was replaced Thursday with an FBI and IRS Criminal Investigation seizure notice, acknowledging support from Google, Lumen, Shadowserver and other partners. Google’s Threat Intelligence Group said NetNut’s proxy network was heavily used by cybercriminals and even espionage actors, observing more than 300 clusters of malicious activity routed through suspected NetNut exit nodes in a single week. Google disabled accounts, apps and SDKs tied to NetNut and shared intelligence with law enforcement.
Security researchers say the takedown has significantly disrupted both the Popa botnet and NetNut’s commercial proxy service. Benjamin Brundage of Synthient, one of the firms that first documented the Popa–NetNut connection, said the action delivers a major blow to cybercriminals who flocked to NetNut after Google dismantled rival proxy provider IPIDEA earlier this year.
Alarum Technologies said it is cooperating fully with investigators. But experts warn the residential proxy ecosystem is resilient, with operators often rebuilding by reselling capacity from competitors — a pattern seen after the IPIDEA disruption.
The investigation also highlights a broader consumer threat: many low‑cost TV streaming boxes and even smart TV apps quietly enroll devices into residential proxy networks. As Krebs has repeatedly reported, these unofficial Android builds and uncertified apps can turn home electronics into always‑on nodes for criminal traffic. Google’s analysis found that 42 percent of LG webOS apps and more than a quarter of Samsung Tizen apps contained proxy components.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.