
BREAKING: Google Says It Disrupted A Botnet Called “Popa”, That Secretly Turned Millions Of Consumer TV Streaming Devices Into Proxy Infrastructure For Hackers And Spies Working With An Israeli Company Called NetNut 🤯💥
Google has taken down key infrastructure behind a botnet called Popa that quietly hijacked millions of consumer TV streaming devices and turned them into hidden relay points for cybercriminals and state-linked espionage groups. Working alongside the FBI and Lumen Technologies, Google traced the operation to NetNut, an Israeli company that sells residential proxy services allowing customers to route their internet traffic through IP addresses in different countries, and found that NetNut’s network spanned at least 2 million devices scattered across the globe.
What makes this case especially serious is the scale of who was using it. Google’s investigation identified 316 distinct threat clusters relying on suspected NetNut proxy exit nodes, a group that included both financially motivated cybercriminals and espionage operations, all of whom were reportedly using the service to mask their real IP addresses while breaking into victim networks, accessing their own attack infrastructure, and running password spray attacks designed to guess their way into accounts. According to Google, NetNut built this network by embedding software development kits into devices commonly found in ordinary homes, especially smart TVs and streaming boxes, giving the company a hidden foothold to relay traffic through those devices without the owners ever knowing their hardware was being used this way.
In response, Google shut down the Google accounts and services that NetNut depended on to control the botnet, cutting off a key piece of the infrastructure keeping the operation running. This is not an isolated incident either; Google disrupted a similar residential proxy network called IPIDEA back in January, which it described at the time as the world’s largest, and it has been waging a broader legal and technical campaign against these networks since at least mid-2025, when it filed suit against the operators behind the BadBox 2.0 botnet affecting more than 10 million Android-based devices. Together, these actions point to a growing, largely invisible market where ordinary consumer electronics are quietly repurposed as cover for global hacking and espionage campaigns.