- Google and law enforcement have degraded the NetNut proxy network, shrinking its pool of residential devices by millions.
- The network, which sells access to home IP addresses, has been linked to cybercrime and espionage groups conducting password-guessing attacks.
- Alarum Technologies, the publicly-traded Israeli company that owns NetNut, disputes the “botnet” label and claims its software involves user consent.
- Independent research, like that from Synthient, found no consent prompts in the apps used to build the device network.
In a major cybersecurity operation, Google‘s Threat Intelligence Group, working with the FBI and others, has degraded the vast NetNut residential proxy network, reducing its usable device pool by millions. This network, which turns home smart devices into hidden traffic relays, is estimated to encompass at least 2 million devices globally.
Attackers pay to route traffic through these residential connections, disguising their malicious activities as ordinary home browsing. Consequently, the compromised home’s IP address gets blamed for everything from espionage to password-guessing attacks.
Researchers at Qurium, Synthient, and others have linked the network to publicly-traded Alarum Technologies. Alarum rejects the botnet label, calling the research “demonstrably inaccurate assertions and flawed deductions.”
However, Google’s intelligence aligns with the public reporting, treating NetNut and its botnet alias Popa as the same entity. The disruption is complex because NetNut operates a reseller program, masking its footprint across many proxy brands.
Therefore, Google describes this as a degradation, not a complete kill. The demand for home IP addresses is persistent and simply migrates when one network is disrupted.
For consumers, the clearest warning is an app offering payment for “unused bandwidth.” Experts advise sticking to official app stores and avoiding no-name hardware brands to mitigate risk.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
