Google and the FBI are targeting the massive botnet that is quietly using home devices to hide cybercrimes


The FBI, in partnership with Google and other tech companies, has struck a major blow against NetNut, a public residential network proxy service that secretly hosts a botnet that controls nearly 2 million Android TVs and similar smart home devices. The network has been used for password spraying, credential attacks, and other malicious activity.

Home proxy botnets make malicious traffic look like normal Internet usage, allowing cybercriminals to secretly hijack everyday devices to conduct illegal activities using your home Internet. Infected home devices were often pre-loaded with malware used by the botnet, making traditional home security practices less effective in detecting and stopping the problem.

According to an FBI statement emailed to CNET, on July 2, the federal agency carried out “a court-mandated seizure of multiple domains as part of coordinated law enforcement actions with the Department of Justice and IRS criminal investigations targeting infrastructure associated with the NetNut residential proxy platform, its administrators, and its users.”

authorities I worked side by side with Google, Lumen Technologies and Shadowserver Foundation to go after NetNut and its services – also known as the Popa botnet by security researchers. Google said in Blog post That the actions “caused significant degradation of NetNut’s agent network and business operations, reducing the pool of devices available to the agent operator by millions.” The NetNut website is now visible FBI Takedown Notice.

Google has admitted that removing NetNut is only the first step. Since these proxy networks often share access to each other’s botnets and resell them, disrupting one provider often leads to malicious actors purchasing capacity from a competitor. To make a lasting impact, Google said it must “target the infrastructure of many interconnected providers” at once.

NetNut takedown notice by the Federal Bureau of Investigation (FBI), the IRS, and several technology companies.

NetNut’s official website has been removed with this seizure notice in its place.

FBI

How did these robots work?

In 2024, security researchers at XLab discovered Robots Vo1da huge collection of hacked, mostly unbranded Android TV devices. If you remember AI fake video of Donald Trump and Elon Musk It appeared on televisions at the Department of Housing and Urban Development, and was likely caused by a malicious actor using the Vo1d botnet.

These same researchers also found Popa, a legitimate network protocol plug-in that turns consumer devices into residential proxy nodes with user consent. but The version found by researchers It is installed on hacked Android TV devices without user consent. According to To the FBIA residential proxy node is “an intermediary server between individuals and the websites they visit to make their communications appear to originate elsewhere.”

Residential proxy networks are legal in the United States, and companies that use them typically sell access to enterprise clients. Where it is used often For security penetration testing, verifying ads, collecting marketing data, and unlocking geo-locked websites. Since residential nodes use real IP addresses from someone’s home, the company or person using the node is considered by the World Wide Web to be just an ordinary user, and their true identity is hidden.

Android TV devices that were part of the Vo1d botnet and were infected with Popa allowed cybercriminals to launch attacks, exfiltrate data from infected devices in search of sensitive information like passwords, and even hijack the device to perform malicious tasks, all while the hacker appeared to originate from the house across the street or the apartment across the hall without actually being there.

This is where NetNut comes into play. NetNut is a public residential proxy network operator owned by Alarum Technologies, Inc Public joint stock company Outside Israel. According to Google, it was one of the largest residential proxy network operators in the world.

On the surface, NetNut looked like a legitimate business, and it was Official website Where you can purchase their services. However, late last month, Many researchers It confirmed that the traffic generated by the Popa botnet was from NetNut users. This meant that NetNut was effectively selling its botnet openly to anyone, for both legitimate and illicit uses, giving the authorities enough evidence to bring the company down.

Stay safe from the next attack

The good news is that making sure you don’t join the next Android TV botnet is actually pretty easy. According to Google and Security researchersthe vast majority of the hacked devices were no-name Android TV streaming devices that you can freely find on Amazon, Temu, AliExpress, and other online outlets.

Many of those flocking sticks and boxes exist Very cheapBut they work. The problem is that almost all of them run outdated versions of Android, which is easy to hack since these devices don’t have the modern protections that newer versions offer.

Some brands sell streaming boxes that promise free streaming without subscriptions. They are often advertised on Instagram and TikTok by Influencers with fresh faces Who claim to offer a solution for streaming TV without a subscription. Security researchers found that many of these broadcast boxes Her breakthrough came With the robotics software installed out of the box.

So, the first step to avoid becoming part of a botnet is to only buy Android TV devices from reputable companies like Sony, Nvidia, Google, etc. Try purchasing a device that runs a recent version of Android and continues to get security updates. You should also avoid the “one price, no subscriptions” boxes found on social media, as they almost certainly come with malware pre-installed.

Botnets like this aren’t unique to Android TV. Smart home devices are They are also constantly included in botnetsSo the second step to staying safe is to make sure you apply all the above tips to your smart home products as well. You should also keep up with the latest trends, Like fast programsa new type of malware that hacks your devices by asking the on-board AI to do it on the hacker’s behalf.

This incident is an important reminder that you should be wary of cheap, low-quality technology promoted by influencers – otherwise you risk your personal identity information being stolen. The usual bunch of things help too, like making sure you have a strong password, learning how to avoid phishing emails and not revealing any personal details to suspicious online figures.



Leave a Reply

Your email address will not be published. Required fields are marked *