Google disrupts NetNut proxy network used in malware operations
Google said the disruption cut NetNut’s proxy pool by millions and blocked malware command-and-control traffic used by 316 threat clusters.
- On Thursday, Google and the Federal Bureau of Investigation disrupted the NetNut residential proxy network by seizing domains and disabling accounts controlling millions of infected home devices worldwide.
- NetNut grew its botnet by distributing software development kits for smart TVs and streaming boxes, secretly routing malicious internet traffic through consumer IP addresses without owner knowledge or consent.
- Google Threat Intelligence Group confirmed the network spans at least 2 million devices worldwide, with evidence showing 316 distinct threat clusters using suspected NetNut proxy nodes for cybercrime and espionage.
- Alarum Technologies, the Israeli parent company, stated it was aware of the FBI domain seizures on Thursday, July 2, 2026, and is cooperating with law enforcement to investigate infrastructure misuse.
- Researchers warn proxy networks often rebuild by reselling services, meaning the ecosystem may remain resilient; consumers should remain cautious of applications requesting payment for bandwidth or internet sharing.
19 Articles
19 Articles
NetNut proxy network disrupted, 2 million infected devices cut off
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]
NetNut cracked as Google and FBI target 2 million-device botnet
Tech companies working with US law enforcement "significantly degraded" the NetNut residential proxy network as part of an ongoing effort to disrupt the tools cybercriminals use to conceal their activity, say researchers. The work was carried out by Google, Lumen, Shadowserver, the FBI, and others, and marks a continuation of the IPIDEA proxy network disruption from January. According to Google Cloud, those working on the operation believe NetNu…
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices …
Google disrupts NetNut proxy network used in malware operations

Coverage Details
Bias Distribution
- 63% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium












