Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Unveiling the Sinister Network: Google's Crackdown on NetNut's Residential Proxy Operations


Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices, a notorious cybercrime operation that has been secretly exploiting millions of home devices worldwide. The operation marks a significant milestone in Google's efforts to combat cyber threats and highlights the need for consumers and organizations to remain vigilant in protecting themselves against malicious activities.

  • Google successfully disrupted the "NetNut" residential proxy network, which exploited millions of home devices worldwide.
  • NetNut used compromised home devices to route illicit traffic, bypassing traditional security measures.
  • The network held at least 2 million compromised devices and enabled malicious actors to launch targeted attacks.
  • Google's efforts were hindered by NetNut's sophisticated reseller program, making it difficult to track and disrupt.
  • Clients should be aware of the dangers of proxy networks and take proactive steps to protect their devices.



  • In a significant development that sheds light on the clandestine world of cybercrime, Google has successfully disrupted a vast residential proxy network known as NetNut, which has been secretly exploiting millions of home devices worldwide. The operation, spearheaded by Google's Threat Intelligence Group (GTIG), in collaboration with the FBI and other partners, marks a significant milestone in the company's efforts to combat the ever-evolving landscape of cyber threats.

    NetNut, also tracked under the alias Popa, has been identified as a notorious network that utilizes home devices, including smart TVs and streaming boxes, to route illicit traffic. This setup allows attackers to bypass traditional security measures, masquerading their malicious activities as legitimate home browsing. The network's modus operandi involves compromising devices with pre-installed malware or through free apps that conceal the presence of the malicious code.

    The extent of NetNut's operations is staggering, with estimates suggesting that the network holds at least 2 million compromised devices worldwide. These devices, once infected, become "exit nodes" that funnel outside traffic into the home network, providing attackers with a foothold to reach other devices on the network. This vulnerability has far-reaching consequences, as it enables malicious actors to launch targeted attacks, including password-guessing operations and espionage activities.

    Google's GTIG has been actively monitoring NetNut's activities, and their intelligence suggests that the network is not only using home devices but also overlapping with large attack botnets such as Mirai and Badbox 2.0. These botnets have been known to hijack devices, often used for DDoS attacks or other malicious purposes.

    The company behind NetNut, Alarum Technologies, a publicly traded Israeli firm, has been accused of perpetuating this malicious network. Researchers at Qurium, Synthient, Nokia Deepfield, and Spur recently tied Popa to NetNut, highlighting the network's potential as a proxy provider for nefarious activities.

    Google's efforts to dismantle NetNut have been hindered by its sophisticated reseller program. The network allows other companies to sell their services under their own brand names, creating a complex web of interconnected networks that can be difficult to track and disrupt.

    In the past, Google has successfully taken down similar proxy networks, such as IPIDEA, but NetNut's resilience poses new challenges for the company. In January 2026, Google collaborated with partners to disrupt IPIDEA, a China-based network that was one of its kind at the time. The operation demonstrated that these networks can be resilient, and operators often become resellers themselves.

    Google's current campaign against NetNut has brought significant attention to this issue. Consumers should be aware of the dangers of proxy networks and take proactive steps to protect their devices. One of the main warning signs is an app offering payment for "unused bandwidth" or "sharing internet." Furthermore, users are advised to stick to official app stores, verify permissions requested by VPN or proxy apps, keep built-in protections such as Google Play Protect enabled, purchase streaming boxes and smart TV hardware from reputable manufacturers, and remain vigilant for resurfacing traffic under reseller brands.

    The ongoing cat-and-mouse game between cybersecurity experts and malicious actors serves as a stark reminder of the ever-evolving landscape of cyber threats. While Google's efforts to dismantle NetNut have been successful in reducing its operational capacity, it is essential that consumers and organizations continue to exercise caution and vigilance in protecting themselves against these dangers.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Unveiling-the-Sinister-Network-Googles-Crackdown-on-NetNuts-Residential-Proxy-Operations-ehn.shtml

  • https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html


  • Published: Thu Jul 2 15:23:06 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us