
Google Knocked Millions of Devices Off NetNut's Malware Proxy Network

economictimes.indiatimes.com · @market_structure · 3 hours ago · Cybersecurity · 4 comments

Google disabled accounts and services used in NetNut's residential proxy network, cutting millions of devices from the pool and degrading its ability to route malware traffic.

Tags: google, netnut, fbi, lumen, alarum technologies, residential proxy networks

Millions of devices were removed from NetNut's proxy pool after Google disabled accounts and services tied to malware command-and-control operations. That's not a hypothetical cleanup: Google says the coordinated action "reduced the available pool of devices for the proxy operator by millions." Residential proxy networks like NetNut are how attackers make malicious traffic look legitimate: they route it through consumer IP addresses, so it slips past defenses that trust home connections while the true origin stays hidden. Legitimate uses exist, but NetNut was a favorite of malware operators.

How NetNut's Proxy Network Enabled Malware

Residential proxies exploit the trust given to home IP addresses. Botnets like Popa infect consumer devices and turn them into relay nodes; NetNut packaged that relay capacity as a commercial proxy service. According to Bloomberg, the FBI had been investigating the link between NetNut and Popa for more than a year. The technical playbook is straightforward: malware command traffic flows through a rotating set of clean-looking residential IPs, so blocking by IP address or IP reputation gives defenders very little to work with. Google's threat intelligence team, together with Lumen and the FBI, finally moved to cut the cord.

The Disruption and Its Aftermath

Google disabled accounts and shared technical intelligence on the group's infrastructure with law enforcement and industry partners. The FBI seized some of NetNut's domains on Thursday, and NetNut's parent, Israel-based Alarum Technologies, acknowledged the seizure, saying it would "fully cooperate." Alarum's statement leaves room for interpretation, but the operational damage is real: losing millions of proxy devices takes a critical routing layer away from malware operators. Expect them to spin up similar services, but this takedown likely gives defenders a few months of cleaner traffic logs.

For engineers running SOCs or building threat intelligence pipelines, this is a reminder to track the IP ranges used by residential proxy providers such as NetNut and Bright Data. The takedown disrupts one major pipeline, and the Popa botnet and its command infrastructure take a direct hit, but the proxy-as-a-service model isn't going away. The next time a login arrives from a residential IP where you would expect corporate or data-center traffic, check the ASN before trusting it.
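As an added example (not code from the article, Google, or any vendor it names), here is the kind of triage pass the paragraph above suggests: parse authentication log lines, compare each source address against a table of known residential-proxy prefixes and against the networks logins are expected to come from, and flag anything that needs an ASN check. The prefixes, ASNs, provider label, log format and log lines are all constructed placeholders (RFC 5737 and RFC 3849 documentation ranges), not NetNut's or Bright Data's real ranges; in production the tables would be fed from your own enrichment source.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed lookup table: documentation prefixes with placeholder ASNs and a
# placeholder provider label. These are NOT any real proxy operator's ranges.
PROXY_PREFIXES = [
    (ipaddress.ip_network("203.0.113.0/24"), "AS64500", "example-residential-proxy"),
    (ipaddress.ip_network("198.51.100.0/25"), "AS64501", "example-residential-proxy"),
]

# Constructed list of networks logins are expected to originate from
# (placeholder corporate VPN egress and a placeholder cloud tenant range).
EXPECTED_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Assumed (constructed) log format: "<ts> user=<name> src=<ip> result=<success|failure>"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


@dataclass
class Finding:
    ts: str
    user: str
    src: str
    asn: Optional[str]       # populated only when the prefix table matched
    provider: Optional[str]
    reason: str


def lookup_proxy(ip):
    """Return (asn, provider) if ip falls in a known residential-proxy prefix."""
    for net, asn, provider in PROXY_PREFIXES:
        if ip in net:  # version mismatch (v4 vs v6) simply evaluates False
            return asn, provider
    return None, None


def is_expected(ip):
    """True if ip is inside a network logins are supposed to come from."""
    return any(ip in net for net in EXPECTED_PREFIXES)


def triage_login(line):
    """Classify one log line. Returns a Finding, or None if nothing is notable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skipped, not silently trusted as benign
    try:
        ip = ipaddress.ip_address(m["src"])
    except ValueError:
        return None  # malformed address field
    if is_expected(ip):
        return None
    asn, provider = lookup_proxy(ip)
    if asn is not None:
        reason = "source in known residential-proxy range"
    else:
        reason = "source outside expected networks; verify ASN before trusting"
    return Finding(m["ts"], m["user"], m["src"], asn, provider, reason)


def triage_logins(lines):
    """Run triage_login over many lines and keep only the notable ones."""
    findings: List[Finding] = []
    for line in lines:
        f = triage_login(line)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample log lines (documentation addresses, invented users).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z user=alice src=192.0.2.10 result=success",     # expected egress
    "2024-01-01T10:01:00Z user=bob src=203.0.113.77 result=success",     # proxy prefix
    "2024-01-01T10:02:00Z user=carol src=198.51.100.200 result=success", # outside the /25
    "2024-01-01T10:03:00Z user=dave src=198.51.100.5 result=failure",    # proxy prefix
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for f in triage_logins(SAMPLE_LOG):
        print(f"{f.ts} {f.user} {f.src} asn={f.asn} provider={f.provider}: {f.reason}")
```

Two design points worth noting: unparseable lines are dropped rather than treated as clean, so they should be counted separately in a real pipeline, and a failed login from a proxy range is still reported, since credential-stuffing through residential proxies shows up first as failures.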


Source: Google disrupts NetNut proxy network used in malware operations
Domain: economictimes.indiatimes.com
