FBI and Google Shut Down NetNut Cyber Proxy Network Exploiting Smart TVs and Android Devices
Google and the FBI, along with other law enforcement agencies, recently dismantled the NetNut cyber proxy network, also known as Popa, which had compromised over two million devices worldwide. These included smart TVs, streaming boxes, and various Android devices. The network allowed cybercriminals and espionage groups to hide behind legitimate residential IP addresses to conduct spying and password theft operations without users' knowledge.
The infected devices became part of a botnet after being infected with malware detected by Google Play Protect. In some cases, the malware was pre-installed before purchase, while in others it was introduced through trojanized apps downloaded by users. These devices acted as exit nodes, making malicious traffic appear as if it originated from innocent users' homes, complicating detection by internet service providers.
Attackers used the network to carry out password spraying attacks and to infiltrate corporate environments while bypassing geographic security barriers. This enabled hackers to operate stealthily beneath advanced defense systems. In a coordinated operation, the FBI seized key domains including netnut.com, while Google disabled all cloud accounts and services used by the network operators to control the malware, severing communication with infected devices.
Google is proactively warning affected users and disabling infected apps on their devices. The company has also shared technical details about NetNut’s development kits with security researchers and platform providers to prevent the network’s reemergence under different brands. This action is part of a broader commitment by major tech companies to dismantle botnet infrastructures that fuel global cybercrime.
The same event, reported separately by each outlet. Open a few to compare what different newsrooms emphasize — and what they leave out.
Not the same event — other stories that share this one’s people, places, or theme: background, reactions, and follow-ups.