Home / Technology / Google Shuts Down Hacker TV Botnet
Google Shuts Down Hacker TV Botnet
3 Jul
Summary
- Google disrupted a botnet spanning millions of Android-based TV boxes.
- An Israeli proxy provider allegedly abused devices for hacking activities.
- Hijacked traffic facilitated account takeovers and ad fraud.

Google has announced a significant crackdown on an Israeli residential proxy provider, NetNut, for allegedly exploiting millions of consumer connected TV devices to host illicit internet traffic for hackers. Working with the FBI and Lumen Technologies, Google disrupted a botnet identified as "Popa," which was reportedly using Android-based TV boxes to enable various malicious activities.
The investigation revealed that NetNut's network potentially encompassed over 2 million devices globally. Threat actors utilized these proxy exit nodes to mask their real IP addresses, conduct password spraying attacks, and gain access to private home networks, exposing users to further internet threats. Hijacked traffic was also used for ad fraud.
Google stated that NetNut allegedly expanded its botnet by distributing software development kits through devices commonly found in homes, such as smart TVs and streaming boxes. This pre-installed software covertly allowed NetNut to relay internet traffic without the owner's knowledge.
In response, Google disabled NetNut's services controlling the botnet and is using Android's Google Play Protect to disable applications incorporating NetNut's SDKs. While this action significantly reduced the available devices, Google warns NetNut might attempt to rebuild its network. Consumers are advised to purchase streaming devices from reputable manufacturers and to be wary of applications offering payment for 'unused bandwidth' or 'internet sharing.'