FBI seizes NetNut proxy platform behind 2-million-device popa botnet

The FBI seized domains tied to NetNut, a residential proxy service linked to a botnet of at least two million compromised smart TVs and streaming devices.

CSBadmin
1 Min Read

The FBI has seized hundreds of domains associated with NetNut, a residential proxy service operated by Israeli company Alarum Technologies, after security researchers linked the platform to the Popa botnet. The botnet comprises at least two million compromised devices — predominantly smart TVs and streaming boxes — that are turned into always-on proxy nodes without meaningful user consent.

The seizure, coordinated with Google, Lumen, and Shadowserver, follows reporting that connected NetNut to Popa. Google’s Threat Intelligence Group said it observed 316 distinct threat actor clusters using NetNut exit nodes in a single week, including cybercriminal and espionage groups. NetNut’s proxy network has been widely resold and white-labeled by third-party providers.

Experts warn that when consumer devices become exit nodes, unauthorized traffic passes through home networks, potentially exposing other private devices. Google disabled accounts and apps used by NetNut for command-and-control operations. Omer Weiss, legal counsel for Alarum Technologies, said the company is cooperating with investigators.

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.