Popa botnet linked to NetNut residential proxy service infects millions of Android TV boxes

FBI identifies Popa Android botnet infecting millions of TV boxes through NetNut residential proxy service

CSBadmin
2 Min Read

The Federal Bureau of Investigation and financial investigators have identified a previously unknown Android-based botnet called Popa that has infected millions of consumer TV boxes, using them as residential proxies for advertising fraud, account takeovers, and data scraping operations.

Research from multiple security firms including Qurium has traced the botnet to NetNut, a residential proxy provider operated by the publicly-traded Israeli firm Alarum Technologies. The Popa botnet is believed to be associated with the Vo1d malware campaign targeting unofficial Android TV boxes sold under thousands of brand names on major e-commerce platforms. These devices, which advertise streaming services for a one-time fee, come pre-infected with software that enrolls the users home internet connection into a proxy network controlled by the botnet operators.

The botnet infrastructure was found to use domains controlled through a company called Ninjatech, founded by Moishi Kramer, who is vice president of research and development at NetNut. While Kramer stated that Ninjatech ceased operations five years ago and sold the Popa SDK to third parties, researchers say the infrastructure shows clear ties to the residential proxy provider. Users are advised to avoid unofficial Android TV boxes and to check whether their devices are contributing to proxy traffic on their home networks.

HTMLEOF

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.