Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Google Disrupts Massive NetNut Proxy Network

Google Disrupts Massive NetNut Proxy Network

Posted on July 2, 2026 By CWS

In a decisive move against cybercrime, Google has significantly disrupted the NetNut proxy network, which covertly transforms household devices into conduits for external internet traffic. Collaborating with the FBI, Lumen, and other partners, Google’s Threat Intelligence Group (GTIG) announced this week that it has drastically reduced the number of active devices within this network, estimated to comprise millions.

Understanding the NetNut Network

NetNut, also referred to as Popa, is identified as a vast collection of residential devices globally, including smart TVs and streaming gadgets. GTIG estimates that at least 2 million devices were part of this network, serving as gateways for external traffic. This setup allows outsiders to mask their online activities as legitimate home internet usage, thus avoiding detection by security systems.

These devices become ‘exit nodes’ when operators deploy their software onto them, often pre-installed on budget hardware or acquired through seemingly benign applications. Once operational, these nodes permit external traffic to pass through a home’s internet infrastructure, potentially exposing other devices to security threats. Such networks have historically been integrated into larger botnets like Mirai and Badbox 2.0.

Corporate Connections and Controversies

Unlike many proxy botnets, NetNut is linked to a publicly traded entity, Alarum Technologies (NASDAQ: ALAR). Recent research by Qurium, Synthient, Nokia Deepfield, and Spur has connected NetNut to its commercial operations. In testing, Synthient demonstrated that traffic routed through NetNut’s systems emerged from a device enrolled in Popa, aligning with Google’s findings that NetNut and Popa are interconnected.

Alarum Technologies disputes the characterization of NetNut as a botnet, arguing that their software is intended for consensual bandwidth sharing. However, researchers found no evidence of user consent being sought by the numerous applications they analyzed.

Challenges in Network Disruption

Disabling NetNut entirely is complex, given its structure. The network’s reseller model allows various companies to market its services under different brand names, complicating efforts to target it as a single entity. Google emphasizes that this operation is a degradation, not a complete takedown, as previous efforts against similar networks, like IPIDEA, demonstrated their adaptability and resilience.

For consumers, vigilance is key. Avoiding applications that offer compensation for bandwidth sharing can prevent inadvertent participation in such networks. Consumers are encouraged to download apps from reputable sources and use hardware from well-known manufacturers to safeguard their devices from being co-opted.

As Google and its partners continue their efforts, the enduring challenge will be monitoring how NetNut’s operations might re-emerge under new identities, maintaining the need for ongoing vigilance and collaborative cybersecurity initiatives.

The Hacker News Tags:Alarum Technologies, Botnet, Cybercrime, Cybersecurity, FBI, Google, GTIG, home devices, internet security, Lumen, NetNut, Popa, proxy network, residential proxies

Post navigation

Previous Post: Microsoft 365 Under Threat: Phishing Panel Exploits OAuth Flow
Next Post: New Malware Campaign Exploits TryCloudflare and Python

Related Posts

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild The Hacker News
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms The Hacker News
CRESCENTHARVEST Campaign Targets Iranian Protest Allies CRESCENTHARVEST Campaign Targets Iranian Protest Allies The Hacker News
Chrome Extensions Turn Malicious, Sparking Security Concerns Chrome Extensions Turn Malicious, Sparking Security Concerns The Hacker News
AI-Driven Cyber Attacks Surge in 2025 AI-Driven Cyber Attacks Surge in 2025 The Hacker News
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ransomware Groups Exploit Citrix Vulnerability
  • New Malware Campaign Exploits TryCloudflare and Python
  • Google Disrupts Massive NetNut Proxy Network
  • Microsoft 365 Under Threat: Phishing Panel Exploits OAuth Flow
  • AsyncRAT Exploits Remote Tools for Hidden Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ransomware Groups Exploit Citrix Vulnerability
  • New Malware Campaign Exploits TryCloudflare and Python
  • Google Disrupts Massive NetNut Proxy Network
  • Microsoft 365 Under Threat: Phishing Panel Exploits OAuth Flow
  • AsyncRAT Exploits Remote Tools for Hidden Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark