Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

FBI Cracks Down on NetNut Proxy Platform and Popa Botnet: A Threat to Global Cybersecurity



The Federal Bureau of Investigation (FBI) has seized hundreds of domains associated with NetNut, a residential proxy service linked to the Popa botnet, in an effort to disrupt malicious activities such as mass content scraping and advertising fraud. This takedown is part of a growing trend of law enforcement efforts aimed at combating cybercrime and protecting consumers' data.

  • The FBI took down the NetNut proxy platform, highlighting the evolving threat landscape faced by organizations.
  • NetNut was connected to the Popa botnet, a collection of at least two million devices compromised by malicious software.
  • The service was used for mass content scraping, advertising fraud, and account takeover activity.
  • NetNut's proxy network was widely resold and white-labeled by third-party providers, sought after by cybercriminals.
  • The takedown reduced the risk posed by large distributed denial-of-service botnets built on residential proxy services.



  • The recent takedown of the NetNut proxy platform by the Federal Bureau of Investigation (FBI) has sent shockwaves throughout the global cybersecurity community, highlighting the ever-evolving threat landscape that organizations face. The FBI's actions came after a series of security firms issued findings connecting NetNut to the Popa botnet, a collection of at least two million devices compromised by malicious software with little or no consent from victims.

    NetNut, a residential proxy service operated by publicly-traded Israeli company Alarum Technologies (NASDAQ: ALAR), has long been synonymous with malicious activities such as mass content scraping, advertising fraud, and account takeover activity. The service turns common home devices like smart TVs and streaming boxes into always-on residential proxy nodes that are rented out to others, predominantly for abusive and intrusive internet traffic.

    In a blog post published by Google's Threat Intelligence Group (GTIG), the company revealed that NetNut's proxy network is widely resold and white-labeled by several third-party proxy providers. These services have been sought after by cybercriminals seeking to obscure their malicious traffic. According to GTIG, in a single week during June 2026, they observed 316 distinct clusters of threat actors using suspected NetNut exit nodes, including cybercrime and espionage groups.

    These bad actors can use NetNut's proxy network to mask their origin IP address when accessing victim environments, their own infrastructure, and conducting password spray attacks. Moreover, when a consumer device becomes an exit node, unauthorized network traffic passes through it, allowing bad actors to access other private devices on the same home network and effectively exposing them to internet threats.

    Google took proactive measures to combat this threat by disabling Google accounts and services used by NetNut for malware command and control, as well as sharing technical intelligence with industry partners, law enforcement, and research firms. The company also disabled apps known to bundle NetNut's software development kits (SDKs). Furthermore, Google advised consumers to be cautious when using residential proxy services in TV boxes and other smart devices, warning that many of these services come pre-installed or require the installation of unofficial Android operating systems.

    Benjamin Brundage, founder of proxy tracking service Synthient, commented on the impact of the takedown. He stated that NetNut's demise is likely to be a great disadvantage for the cybercrime community, which was already reeling from legal actions by Google earlier this year that seized infrastructure for NetNut's biggest competitor — IPIDEA.

    NetNut's apparent demise has also reduced the risk posed by large distributed denial-of-service botnets built on poorly configured residential proxy services. Brundage noted that many of the bigger proxy providers have taken steps to block such activities, but resellers of the major proxy networks have been far slower to respond to this threat. He stated that the takedown would likely cause a ripple effect across the residential proxy ecosystem, as proxy operators begin buying capacity from their competitors and effectively become resellers.

    The actions by Google and the FBI serve as a stark reminder of the ongoing struggle against cybercrime and the importance of vigilance in protecting consumers' personal data. As the threat landscape continues to evolve, it is essential for organizations to stay informed and take proactive measures to protect themselves from emerging threats like NetNut's proxy platform.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/FBI-Cracks-Down-on-NetNut-Proxy-Platform-and-Popa-Botnet-A-Threat-to-Global-Cybersecurity-ehn.shtml

  • https://krebsonsecurity.com/2026/07/fbi-seizes-netnut-proxy-platform-popa-botnet/


  • Published: Thu Jul 2 15:16:30 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us