NetNut botnet takes a hit. Don’t be part of the next one.
ID: 46376645-bcae-58b6-abcf-b7b1088b80a6
STIX ID: report--46376645-bcae-58b6-abcf-b7b1088b80a6
Feed Name: Malwarebytes Blog
**Executive summary:** Google, the FBI, and partners disrupted the NetNut (Popa) residential proxy botnet—an illicit service built on millions of compromised consumer devices that sold access to real home IPs. The report describes how devices were enrolled via deceptive bandwidth-sharing/proxyware apps or sold pre-compromised, how the network was used for password-spraying, account takeover, ad fraud and Mirai-like DDoS, and the mitigation steps taken (disabling Google accounts used for C2, sharing SDK/infrastructure indicators, and using Google Play Protect to warn and disable apps); users are advised to avoid dubious bandwidth-sharing apps, use official stores, check VPN/proxy permissions, prefer reputable vendors, and run up-to-date anti-malware.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
