Google disrupts massive botnet exploiting smart TVs for cybercrime

0
31
Google shuts down botnet using smart TVs to power cybercrime network
Google shuts down botnet using smart TVs to power cybercrime network

A large-scale cybercrime operation has been disrupted after Google uncovered a botnet that was secretly using Android-based TV streaming devices to route malicious internet traffic for hackers. The action was carried out in collaboration with the FBI and Lumen Technologies.

According to Google, the botnet, known as “Popa,” was linked to an Israeli residential proxy service called NetNut. The service allegedly used millions of compromised TV streaming devices to provide proxy networks that allowed cybercriminals to hide their real IP addresses while carrying out cyberattacks.

Google’s investigation found that NetNut’s network appeared to include at least 2 million devices worldwide. It also identified 316 different threat groups using suspected NetNut proxy exit nodes for activities such as account hijacking, password spraying, cyber espionage, and other online attacks.

The company warned that when a consumer device becomes a proxy exit node without the owner’s knowledge, unauthorised internet traffic passes through it. This could expose other private devices connected to the same home network to security threats. In some cases, the hijacked traffic was also used for ad fraud by artificially increasing website traffic.

Google said NetNut allegedly expanded its network by distributing software development kits (SDKs) through smart TVs and streaming devices. These pre-installed components reportedly allowed the company to maintain hidden access to the devices and route internet traffic without users’ consent.

To stop the operation, Google disabled the accounts and services used to control the botnet. It also updated Google Play Protect to automatically disable applications known to include NetNut SDKs and prevent future installations. The FBI has seized the NetNut.com domain, while the NetNut.io website remains active.

Google advised consumers to purchase streaming devices only from trusted manufacturers and avoid applications that offer payments in exchange for sharing unused internet bandwidth, warning that such apps are commonly used to build malicious proxy networks.

Responding to the development, NetNut’s parent company said it would cooperate fully with law enforcement and support investigations into any misuse of its infrastructure.

Also read: Viksit Workforce for a Viksit Bharat

Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter

About us:

The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.