Google: This Proxy Service Is Using TV Streaming Devices to Host Cybercrime | #cybercrime | #infosec


Google is cracking down on an Israeli residential proxy provider for allegedly abusing connected TV devices to host internet traffic for hackers. 

Google says it worked with the FBI and Lumen Technologies to disrupt a botnet, an army of infected computers, spanning Android-based TV boxes sold to consumers. It linked the botnet to the Israeli service NetNut, which sells residential proxies that allow customers to route their internet traffic to IP addresses based in different countries. This came after cybersecurity researchers found the botnet, dubbed “Popa,” has been abusing millions of consumer TV streaming devices to host a wide range of hacking activities, such as account hijacking 

Google’s investigation confirmed that NetNut’s network appears to span “at least 2 million devices, distributed across the world.” In addition, the company found evidence that 316 distinct threat clusters used suspected NetNut proxy exit nodes, including cybercriminal and spying groups. 

“These bad actors can use NetNut to mask their origin IP address when accessing victim environments, accessing their own infrastructure, and conducting password spray attacks,” the company’s report warns. “Furthermore, when a consumer device becomes an exit node, unauthorized network traffic passes through it. This means bad actors can access other private devices on the same home network, effectively exposing them to internet threats.”

In other cases, hijacked traffic was used for ad fraud, which generates cash by inflating web traffic. 

(Credit: Synthient.com)

Google adds that NetNut allegedly grew the botnet by distributing software development kits for “devices commonly found in homes, such as smart TVs and streaming boxes.” That preinstalled software secretly gave NetNut a way to maintain access to the devices and relay internet traffic through them, without the owner’s knowledge. 

In response, Google, which develops the Android OS, shut down the Google accounts and services NetNut relied on to control the botnet. Android’s built-in Google Play Protect has been disabling “applications known to incorporate NetNut SDKs, and the system will continue to protect users against future install attempts,” the company says.

The disruption should reduce “the available pool of devices for the proxy operator by millions,” Google added. But the company warns that NetNut may try to rebuild its network, possibly by buying capacity from a competitor. In the meantime, Google is urging consumers to buy TV streaming devices from reputable manufacturers, rather than unknown providers peddling cheap set-top boxes secretly loaded with malware

Recommended by Our Editors

The company added: “Consumers should be extremely wary of applications that offer payment in exchange for ‘unused bandwidth’ or ‘sharing your internet.’ These applications are primary ways for malicious proxy networks to grow, and could open security vulnerabilities on the device’s home network.” 

The crack down might damage the reputation of NetNut, as well as bring it legal troubles. But the provider’s parent Alarum Technologies told PCMag it plans to cooperate with the FBI. “On July 2, 2026, Alarum and its subsidiary NetNut were made aware of the seizure of some of its domains by the FBI,” the company said. “Alarum takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated and those responsible are held to account.”

In the meantime, NetNut’s website currently advertises shady services, including “limitless web data extraction” for companies looking to scrape data for AI training. 

About Our Expert





Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW