Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

The Hacker News by The Hacker News
July 2, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Swati KhandelwalJul 02, 2026Cybercrime / Botnet

Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic.

Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by millions.

Google identifies NetNut, also tracked as Popa, as a network spread across home devices worldwide, including smart TVs and streaming boxes, and GTIG estimates the network holds at least 2 million devices.

If one of those devices is in your home, strangers can route their own traffic through your internet connection, and your address gets the blame for whatever they do with it.

How It Works

A residential proxy network sells access to real home internet addresses. Attackers pay to route their traffic through your connection so it looks like ordinary home browsing, not the datacenter traffic that security tools tend to block.

To build that pool, operators need their code running on home devices. Some devices ship with it pre-installed on cheap off-brand hardware; others pick it up when someone installs a free app that hides it. Once it is running, the device becomes an “exit node,” a doorway that other people’s traffic flows through.

Google says an exit node brings outside traffic inside the home network, giving attackers a foothold to reach other devices on it. Some of these home gadgets have also been pulled into large attack botnets such as Mirai and Badbox 2.0.

In a single week in June, GTIG counted 316 distinct threat clusters using suspected NetNut exit nodes, including cybercriminal and espionage groups, to hide their real location and run password-guessing attacks.

The Company Behind It

Unlike most proxy botnets, NetNut traces back to a public company. In June, researchers at Qurium, Synthient, Nokia Deepfield, and Spur tied Popa to NetNut.

NetNut is a proxy provider owned by publicly traded Israeli company Alarum Technologies (NASDAQ: ALAR). In a controlled test, Synthient said traffic it sent into NetNut’s commercial gateway came out through a device it had enrolled in Popa.

Synthient framed that as evidence of the traffic path, not proof of what NetNut knew or intended. Google’s own intelligence aligns: it treats NetNut and Popa as the same network, and says the public reporting matches its view of how NetNut builds its botnet. The Hacker News covered the researchers’ findings when they were published.

Alarum rejects the “botnet” label. It calls the research “demonstrably inaccurate assertions and flawed deductions rather than verified facts,” and says its software is for consented bandwidth-sharing that does not compromise the devices it runs on.

The researchers’ testing complicates that defense: Synthient reported that none of the more than 20 apps it examined actually showed users a consent prompt.

Why One Takedown Isn’t Enough

Cutting off NetNut is messy by design. NetNut runs a reseller program that lets other companies sell its network under their own brand names. Google says it has high confidence that many popular, seemingly separate proxy brands are really reselling the same NetNut pool.

So a single takedown ripples across a lot of brands that look independent but are not.

That is also why Google calls this degradation, not a kill. It says its earlier action against a similar IPIDEA network showed these networks can look resilient: operators start buying capacity from rivals, in effect becoming resellers themselves. Real, lasting damage, Google says, means going after several connected providers at once.

In January, Google and partners disrupted IPIDEA, a China-based network that at its peak was one of the largest of its kind. In July 2025, Google took the operators of Badbox 2.0 to court, the botnet of hijacked Android TV devices whose components overlap with Popa. Each time, the networks proved stubborn.

What Consumers Should Do

The single clearest warning sign is an app that offers to pay you for your “unused bandwidth” or for “sharing your internet.” That is one of the main ways these networks grow.

Beyond that:

  • Stick to official app stores, and check what permissions a VPN or proxy app is asking for.
  • Keep built-in protections like Google Play Protect switched on.
  • Buy streaming boxes and smart TV hardware from known manufacturers, not no-name brands.

The demand for these home addresses does not disappear when a network goes down; it just moves. For defenders and platforms, the next signal to watch is whether NetNut-linked traffic resurfaces under reseller brands.



Source link

The Hacker News

The Hacker News

Next Post
Citadel’s hedge funds post broad first-half gains, top performing strategy sidesteps quant selloff

Citadel's hedge funds post broad first-half gains, top performing strategy sidesteps quant selloff

Recommended.

Hot New Thermodynamic Chips Could Trump Classical Computers

Hot New Thermodynamic Chips Could Trump Classical Computers

March 24, 2025
IBM and the EY organization debut artificial intelligence-powered global tax compliance solutions

IBM and the EY organization debut artificial intelligence-powered global tax compliance solutions

May 2, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio