Make us preferred on Google

Google causes disruption in NetNut proxy network in FBI operation

The move is part of Google's efforts to dismantle residential proxy networks that cybercriminals use to conceal their activities

Google causes disruption in NetNut proxy network in FBI operation
Google causes disruption in NetNut proxy network in FBI operation

Google has caused disruption of the NetNut residential proxy network in a coordinated operation with the FBI, Lumen Technologies, and other partners, successfully targeting the previously described largest malicious proxy services.

The significant move is a broader part of the company’s ongoing efforts to dismantle residential proxy networks that cybercriminals use to conceal their activities.

The Alphabet-owned Google has disabled accounts and services used by NetNut for malware command-and-control as part of the operation, strengthening Google Play Protect to identify and disable Android apps with NetNut software.


As per Google’s Threat Intelligence Group, NetNut, which is also called Popa, consists of nearly two million compromised devices all across the globe.

Residential proxy networks run by routing internet traffic through ordinary home internet connections, enabling users to easily disguise their activities behind legitimate residential IP addresses instead of data centres.

Google stated these networks are particularly built by downloading proxy software on consumer devices. This can occur via malware pre-installed on devices or hidden code inside the installed apps.

Once infected, a device can route internet traffic for cybercriminals unknowingly.

Google believes the operation has weakened NetNut by eradicating millions of devices from its network.

Moreover, it warned that NetNut operates via a reseller programme, meaning many recognised residential proxy services may depend on NetNut’s infrastructure.

Google associated NetNut with a variety of cyber threats such as password-spraying, hacking, and distributed denial-of-service (DDoS) operations.

During one week in June alone, Google observed 316 separate threat groups using NetNut’s proxy network.

Additionally, Scientists have connected the services to enlarged botnets, including Badbox 2.0 and Mirai.

To protect users, Google strongly recommended installing apps only from trusted sources, avoiding apps that promise payment for sharing internet bandwidth.

Google stated continued cooperation between technology firms, internet providers, and law enforcement will be important to disrupting malicious residential proxy networks in the future.