Google works with FBI to disrupt 'NetNut' malicious proxy network

[DigitalToday reporter Hwang Chi-gyu (황치규)] Google Threat Intelligence Group (GTIG) said on July 6 it worked with the U.S. Federal Bureau of Investigation (FBI) and industry partners to disrupt 'NetNut', one of the world’s largest malicious residential proxy networks.

GTIG said the proxy network industry has a closely connected structure, with operators continuously buying and selling botnet resources. NetNut is also known as 'Popa' and is one of the world’s largest and most widely used malicious residential proxy networks. GTIG said it disrupted millions of devices abused by NetNut, following its action earlier this year to neutralise China’s IPIDEA proxy network.

GTIG estimated NetNut has infected and controlled at least 2 million devices through the 'BadBox 2.0' botnet, which installs proxy plug-ins, and trojan horse apps. Many smart TVs and set-top boxes were included.

NetNut turns ordinary household smart devices into exit nodes for hacking traffic, exposing home networks to internet threats. Legitimate users can also be mistaken for hackers and face blocked access from internet service providers, or be classified as suspicious accounts.

Google disabled Google accounts and services that NetNut abused for malware command-and-control, blocking its core backend infrastructure. It also sent automatic alerts to users through Google Play Protect and disabled infected apps, and it said it immediately shared related technical threat intelligence with platform providers, research institutions and law enforcement agencies.

Keyword

#Google Threat Intelligence Group #FBI #NetNut #BadBox 2.0 #Google Play Protect
Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.