    NetNut proxy network disrupted, 2 million infected devices cut off

    By admin | July 3, 2026

    NetNut residential proxy network disrupted after hijacking 2 million devices

    A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes.

    Also known as Popa, the NetNut botnet allowed cybercriminals and espionage groups to hide behind legitimate home internet addresses when launching attacks.

    According to the Google Threat Intelligence Group (GTIG), the residential proxy botnet is estimated to comprise at least two million compromised devices.

    “GTIG estimates Netnut controls at least 2 million infected devices globally (including smart TVs and streaming boxes), powered by trojanized applications and botnets like Badbox 2.0 that package proxy plugins,” Google told BleepingComputer.

    Residential proxy networks work by compromising home systems and selling access to them, allowing threat actors to conceal malicious traffic by routing it through the victims’ residential IP addresses.

    Typically, home devices become part of the botnet after being infected with malware that is either pre-installed before purchase or added via malicious or trojanized applications downloaded by the user.

    As a result, infected consumer devices serve as exit nodes in the botnet, routing unauthorized network traffic through their residential IP addresses, which can cause the devices to be flagged as suspicious or blocked by internet service providers or online services.

    Dismantling the NetNut botnet involved a coordinated effort that included Google, the FBI, Lumen Technologies, The Shadowserver Foundation, and other industry partners.

    [Image: FBI seized domain used by the NetNut residential proxy network. Source: BleepingComputer]

    The malicious proxy service is considered one of the largest networks in the world and is used by hundreds of threat actors.

    It uses multiple domains, including netnut.com, which was taken down by the FBI.

    “I checked with the disruption team and confirmed .com domain was also used by them along with other domains taken down,” Mark Karayan, Communications Manager at Mandiant, told BleepingComputer.

    GTIG said that in one week last month it “observed 316 distinct threat clusters using suspected NetNut exit nodes, including cybercriminal and espionage groups.”

    According to the researchers, threat actors used NetNut to access their own infrastructure, conduct password-spraying attacks, and reach victim environments.
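
As an added example (not from the article or from Google's reporting): detection logic showing why password spraying routed through rotating residential exit nodes stays under per-IP failure thresholds, and how aggregating failures across accounts and source addresses per time window surfaces it. The log events, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

T0 = 1_782_000_000  # constructed epoch second, aligned to a 10-minute window

def sample_events():
    """Constructed auth log: (epoch_s, source_ip, username, result).
    IPs are RFC 5737 documentation addresses, not indicators from the article."""
    events = []
    # Spray shape: 12 accounts, one guess each, every guess from a new exit node.
    for i in range(12):
        events.append((T0 + 20 * i, f"203.0.113.{10 + i}", f"user{i:02d}", "FAIL"))
    # Benign: an hour later one user mistypes three times from one home IP.
    for i in range(3):
        events.append((T0 + 3600 + 5 * i, "198.51.100.7", "alice", "FAIL"))
    events.append((T0 + 3630, "198.51.100.7", "alice", "OK"))
    return events

def per_ip_alerts(events, threshold=3):
    """Lockout-style rule: flag any single IP with >= threshold failures."""
    fails = defaultdict(int)
    for _, ip, _, result in events:
        if result == "FAIL":
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n >= threshold)

def distributed_spray_alerts(events, window_s=600, min_users=10, min_ips=10):
    """Flag windows where failures span many accounts AND many source IPs,
    regardless of how few attempts each individual IP made."""
    buckets = defaultdict(lambda: {"users": set(), "ips": set(), "fails": 0})
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        b = buckets[ts // window_s * window_s]
        b["users"].add(user)
        b["ips"].add(ip)
        b["fails"] += 1
    alerts = []
    for start, b in sorted(buckets.items()):
        if len(b["users"]) >= min_users and len(b["ips"]) >= min_ips:
            alerts.append({"window_start": start, "users": len(b["users"]),
                           "ips": len(b["ips"]), "fails": b["fails"]})
    return alerts

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP rule:", per_ip_alerts(ev))
    print("cross-IP rule:", distributed_spray_alerts(ev))
```

Fixed windows can split a slow spray across a boundary; in production a sliding window and a baseline of normal distinct-account failure rates would replace the constant thresholds.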

    For its part, Google disabled the accounts and services on its infrastructure that NetNut operators used for malware command-and-control (C2), thus blocking access to “critical backend infrastructure.”

    The company protected users by automatically warning them and disabling infected applications using Google Play Protect, the built-in security mechanism on Android.

    Additionally, Google shared technical details on NetNut’s software development kits (SDKs) and backend command-and-control (C2) infrastructure with platform providers, law enforcement agencies, and cybersecurity researchers.

    Google expects the NetNut disruption to have a broader impact on the proxy industry, as the botnet “has a robust reseller program that allows whitelabeling of its network” and many of the popular residential proxy services are fueled by NetNut.

    Karayan told BleepingComputer that disrupting one proxy service often prompts operators to purchase replacement capacity from competing providers, turning them into resellers.

    “The proxy industry is deeply interconnected where operators constantly buy and resell each other’s botnet capacity, and Netnut is among the largest and most popular residential proxy networks in the world.”

    The action against NetNut is part of Google’s commitment to dismantle residential proxy botnets and follows the disruption of IPIDEA earlier this year.

