FBI disrupts botnet that allegedly turned infected smart TVs into criminal proxy network
- Southerton Business Times

- 3 days ago
- 2 min read

HARARE – Millions of internet-connected devices, including smart TVs, Android TV boxes and streaming devices, may have been unknowingly used as part of a global proxy network that cybercriminals allegedly exploited to conceal their online activities, according to recent cybersecurity investigations. The operation centred on malware known as Popa, which security researchers say infected Android-based consumer devices and connected them to a residential proxy service known as NetNut.
According to researchers at Google Threat Intelligence Group (GTIG), the compromised devices were used by hundreds of threat actors to route malicious internet traffic through residential IP addresses, making cyberattacks appear to originate from ordinary homes rather than criminal infrastructure. During one week in June, Google said it observed 316 distinct threat groups using the proxy network for activities including password-spraying attacks, reconnaissance linked to ransomware campaigns and cyber-espionage operations.
Unlike traditional botnets that are often used to launch attacks directly, residential proxy networks allow users to disguise the true source of internet traffic by routing it through legitimate household internet connections. This can make malicious activity more difficult for investigators to trace and block. The Federal Bureau of Investigation (FBI) recently announced the seizure of domains linked to the infrastructure used in the operation, while Google said it disabled accounts associated with the network as part of broader disruption efforts.
The residential proxy service, NetNut, has been associated with Alarum Technologies Ltd, a company listed on the Nasdaq stock exchange. Following the law enforcement action, the company said through legal counsel that it would cooperate with the investigation. Publicly available statements indicate that Alarum has maintained that it does not knowingly permit its services to be used for illegal purposes and is reviewing the allegations.
Cybersecurity experts note that residential proxy services have legitimate commercial uses, including website testing, fraud detection and market research. However, such services can be abused if compromised devices are enrolled without their owners' knowledge or if access is resold to malicious actors.
The incident highlights growing concerns over supply chain security for internet-connected devices. While it has not been established that all affected devices were infected before reaching consumers, experts recommend purchasing products from reputable manufacturers, installing firmware updates promptly, and avoiding unofficial app stores or modified software.
Consumers are also encouraged to:
Regularly install software and security updates.
Change default passwords on smart devices.
Disconnect or factory-reset devices that exhibit unusual behaviour.
Monitor home network activity using router security tools where available.
As more households adopt internet-connected televisions, streaming devices and smart home products, cybersecurity specialists warn that protecting these devices is becoming as important as securing traditional computers and smartphones.

smart TV malware





Comments