Google and FBI Shut Down Malicious Residential Proxy Network Installed in Millions of Smart Devices

Google and FBI Shut Down Malicious Residential Proxy Network Installed in Millions of Smart Devices

Google, Lumen, and the FBI have worked in lockstep to disrupt the massive malicious residential proxy network NetNut, also known as Popa, that has its claws in millions of devices.

NetNut is "among the largest and most popular residential proxy networks," says Google's Threat Intelligence Group (GTIG), with an estimated 2 million devices across the world afflicted.

NetNut's strategy involves distributing SDK's, or software development kits, for common household internet of things (IoT) devices such as smart TVs and streaming boxes.

Residential proxy providers such as NetNut operate by selling the ability to route traffic through residential IP addresses owned by internet service providers such as the one you likely buy your home internet access from.

These IP addresses are seen as less suspicious than ones owned by datacenters, which users of VPN services might notice when being blocked or presented with excessive CAPTCHAs during normal browsing.

But, in order to use real residential IP addresses, they need to run code in people's real home networks. With the rise in cheap IoT devices in recent years, security takes a backseat to cost.

Many devices either come pre-installed with malware such as NetNut's proxy service, or users may unwittingly install software with hidden proxy code inside, allowing their home network to be used for cybercrime.

It also allows attackers to attack other devices behind your router on the same network as your IoT devices.

Google warns that you should be wary of any service offering payment for "unused bandwidth" on your network as these are primary methods that these malicious proxy services spread. You're likely making yourself part of a botnet.

In order to protect yourself, make sure all IoT devices such as set top boxes are from reputable manufacturers. Google says you can check the Android TV website for the most up-to-date list of official Android TV partners and check if your device is Play Protect certified.

There's also something to be said for tech minimalism: does your toaster really need Wi-Fi and Bluetooth or can you get one that doesn't have that? Keeping your smart devices to a minimum is probably the best way to protect yourself against threats such as this.

Keeping the devices you do have updated is essential as well, so make sure to enable automatic updates and make sure your devices aren't end-of-life.

Community Discussion