Skip to content

NetNut Proxy Network Dismantled by Google-Led Operation – 2 Million Infected Devices Isolated

In a nutshell: NetNut, a botnet comprising 2 million compromised Android devices, has been dismantled through a Google-led operation.

A joint operation involving Google has dismantled the NetNut proxy network, which provided access to millions of compromised Android devices – including smart TVs and streaming boxes. The infrastructure has been taken offline and millions of infected devices have been disconnected from the network.

The NetNut proxy network functioned as botnet infrastructure through which attackers gained access to compromised Android devices, including smart televisions, streaming boxes and other networked devices. The infection enabled operators to abuse these devices as proxy servers to obscure traffic or circumvent tracking systems.

The dismantling of the network was carried out as a coordinated operation led by Google and additional partners. The operation isolated approximately 2 million infected devices and disrupted the botnet’s command and control channels. This means that while the malware may still be present on the affected devices, operators no longer have access.

For security decision-makers, the shutdown is relevant because such botnets are used, among other things, for cyberattacks, fraud or data exfiltration. The disruption of the infrastructure reduces the risk that enterprise networks are attacked through these channels or hosted services become targets of DDoS attacks. Nevertheless, organizations should assume that known infected endpoint devices are present on their networks and evaluate their security measures accordingly.


Source: www.bleepingcomputer.com · Published 3 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: