TechBriefe
Tech Briefing

NetNut Proxy Network Shut Down, Millions of Devices Freed

Alex Mercer 08.07.2026

The Scale of the Infection

A collaborative effort led by Google has dismantled NetNut, a large-scale proxy network. This network utilized over two million compromised Android devices globally. These included smart TVs and streaming media players. The disruption occurred recently, severing access for malicious actors.

NetNut operated by infecting devices with malware, turning them into unwitting proxies. Cybercriminals then leased this network to conduct various illegal activities. These included ad fraud, credential stuffing, and scraping data from websites. The network, also known as Popa, masked the origin of malicious traffic. This made it difficult to trace back to the actual attackers.

The sheer number of infected devices highlights the vulnerability of the growing ecosystem of Android-powered devices. Many users are unaware their devices are part of a botnet. NetNut’s business model relied on secretly exploiting these devices for profit. Google’s Threat Intelligence Group played a crucial role in identifying and dismantling the operation. They worked with other partners to sever the network’s infrastructure.

Why Were These Devices Targeted?

The compromised devices weren’t just smartphones. A significant portion consisted of smart TVs and streaming boxes. These devices often have weaker security measures than phones. This makes them easier targets for malware. Once infected, they continuously routed traffic for malicious purposes, impacting network performance for legitimate users.

NetNut specifically targeted residential IP addresses. This is because traffic originating from these addresses appears more legitimate than traffic from known data center IP addresses. This allowed criminals to bypass security measures implemented by websites and online services. The network offered a way to circumvent IP blocking and other anti-fraud technologies.

Google successfully submitted takedown requests to NetNut’s infrastructure providers. This effectively cut off the botnet’s access to the internet. The company also alerted device manufacturers and mobile network operators. They are now working to help users identify and remove the malware from their devices.

Frequently Asked Questions

The disruption of NetNut represents a significant win in the fight against cybercrime. It demonstrates the importance of collaboration between tech companies and security researchers. However, it’s unlikely to be the last such network to emerge. The demand for proxy services for illicit purposes remains high. Users must remain vigilant and practice good cybersecurity habits.

What is a residential proxy network? A residential proxy network uses IP addresses assigned to real homes. This makes the traffic appear legitimate, bypassing many security filters. Cybercriminals use these networks to hide their activities.

How can I tell if my device is infected? Unusual network activity or slower performance could indicate an infection. Regularly scan your device with a reputable antivirus program. Keep your software updated to patch security vulnerabilities.

Share:

More stories: