Particle.news

FBI and Google Disrupt NetNut Residential Proxy Network

The operation cut millions of devices from a residential proxy system and revealed how reseller channels and bundled SDKs let such networks recover quickly.

Overview

  • The FBI replaced NetNut’s public homepage with a seizure banner on Thursday and seized hundreds of domains after a coordinated operation with Google, Lumen, Shadowserver and the IRS Criminal Investigation division.
  • Google’s Threat Intelligence Group says the service, tracked as the Popa botnet, includes at least two million home devices and that the takedown reduced the network’s pool of usable devices by millions.
  • Researchers say NetNut built capacity by embedding proxy SDKs in cheap Android smart TVs, streaming boxes and unofficial apps so those devices became always‑on exit nodes that relay other people’s traffic without clear consent.
  • Multiple security firms linked the infrastructure to Alarum Technologies, NetNut’s public parent company, which denies the botnet label and says it will cooperate with investigations.
  • Experts warn the proxy market can rebuild quickly because operators resell capacity and white‑label networks; they advise defenders to watch for traffic reappearing under other brands, and users to stick to trusted devices and keep Play Protect enabled.