Google Disrupts NetNut Proxy Network Used in Malware Operations

Google has taken coordinated action against the NetNut residential proxy network, also known as Popa, disrupting infrastructure that was allegedly being used to conceal malicious online activity and support large-scale cybercrime operations. The action was carried out in collaboration with the Federal Bureau of Investigation (FBI), cybersecurity firm Lumen, and other industry partners.

According to Google, the operation targeted accounts, services, and infrastructure associated with malware command-and-control (C2) activities linked to NetNut. The company stated that it disabled Google accounts used by operators and shared technical intelligence with law enforcement agencies, security researchers, and platform providers to support wider enforcement efforts.

Residential proxy networks route internet traffic through consumer IP addresses, allowing users to mask the origin of online activity and bypass traditional security filters. While such systems can have legitimate uses such as web testing, traffic routing, and market intelligence gathering, security experts say they are increasingly being exploited by cybercriminals because they obscure the real source of malicious activity.

Google said its coordinated action significantly weakened NetNut’s operations by reducing the network’s available device pool by millions. Security researchers estimate that the broader network may have involved approximately two million internet-connected devices worldwide that were being used as proxy nodes.

The Google Threat Intelligence Group also reportedly observed hundreds of cyber threat clusters using NetNut infrastructure to hide their locations and conduct activities including password-spraying attacks and malware operations.

As part of the disruption effort, Google expanded security protections through Play Protect to identify and disable applications associated with NetNut-related software development kits and infrastructure.

The action follows Google’s earlier efforts in 2026 to disrupt large residential proxy networks and reflects increasing industry concern around the misuse of proxy services in cyberattacks, botnet activity, espionage campaigns, and identity-based threats.

Google is one of the world’s largest technology companies and operates a broad cybersecurity and threat intelligence ecosystem through its security divisions, cloud infrastructure platforms, and Google Threat Intelligence Group (GTIG), which focuses on identifying and disrupting global cyber threats.

- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

error: Content is protected !!

Share your details to download the CISO Handbook 2026

Share your details to download the report 2026

Share your details to download the Cybersecurity Report 2025

Share your details to download the CISO Handbook 2025

Sign Up for CXO Digital Pulse Newsletters

Share your details to download the Research Report

Share your details to download the Coffee Table Book

Share your details to download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report

Unlock Exclusive Insights: Access the article

Download CIO VISION 2024 Report

Share your details to download the report

Share your details to download the CISO Handbook 2024

Fill your details to Watch