The FBI and Google just took down a botnet that hijacked 2 million smart TVs

Skye Jacobs

Posts: 2,006   +58
Staff
What we know so far: A coordinated effort by US law enforcement and private-sector researchers has disrupted a major residential proxy network that turned everyday consumer devices into tools for cybercrime. The operation, led by the FBI and Google's Threat Intelligence Group, focused on NetNut, a commercial proxy service that researchers also track as the Popa botnet. According to Google, the network co-opted more than two million devices globally, routing internet traffic through residential connections.

The Popa botnet relied on a malicious software development kit embedded in low-cost Android-based devices, including smart TVs and streaming boxes, as well as unofficial apps such as SmartTube. Once those devices were connected, they began acting as proxy exit points without clearly informing users. That setup allowed attackers to send traffic through residential IP addresses, making it harder for security systems to detect or block malicious behavior.

Google said that in one week in June 2026, at least 316 distinct threat clusters used NetNut's network for password spraying, credential stuffing, advertising fraud and sensitive data scraping.

The way NetNut operated set it apart from the usual underground botnets. Rather than being run solely by underground actors, it appears to have had ties to a commercial entity.

Cybersecurity journalist Brian Krebs reported that the network is linked to Alarum Technologies Ltd., a publicly traded Israeli firm listed on Nasdaq. He cited research from firms including Qurium and Synthient, which reported direct links between Alarum's executive leadership and the developers of the Popa SDK.

Alarum has previously described its platform as a consensual bandwidth-sharing service. However, independent technical reviews found that users were not clearly notified or asked for meaningful consent before their devices were used as part of the proxy network.

After domains linked to NetNut were seized, Alarum Technologies issued a statement saying, "Alarum takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated and those responsible are held to account."

Google did not address those corporate links directly but pointed to how the network operated. Researchers said NetNut supported a reseller model that allowed other companies to rebrand and sell access to the same infrastructure. The team said it assessed "with high confidence" that many popular residential proxy brands are built on top of NetNut's network.

Authorities seized hundreds of domains tied to the service, while Google disabled accounts used for command-and-control and pushed Play Protect updates to flag affected apps. Applications containing the compromised SDK were also shut down. "We believe our coordinated actions have caused significant degradation to NetNut's proxy network and its business operations, reducing the available pool of devices for the proxy operator by millions," Google said.

The effort builds on a January 2026 disruption of the IPIDEA proxy network and signals a broader push to target proxy infrastructure, not just its users. There was some initial confusion around the domain seizures. While the FBI placed a seizure notice on netnut.com, another domain, netnut.io, remained live for a time. Some observers wondered if the wrong domain had been seized, but others pointed out that the key target was the backend command-and-control infrastructure. Security researchers said the command-and-control infrastructure had been disrupted, limiting the network's ability to operate regardless of which websites remained online.

Permalink to story:

 
Be nice if we could get dumb TVs, we are going to be playing this cat and mouse game with smart devices for rest of time
 
Be nice if we could get dumb TVs, we are going to be playing this cat and mouse game with smart devices for rest of time
tbf it stated:
The Popa botnet relied on a malicious software development kit embedded in low-cost Android-based devices, including smart TVs and streaming boxes, as well as unofficial apps such as SmartTube
So a dumb TV if you were to use a 'smart' external box could still be a target. (And presumably people want to watch Netflix/Apple TV etc)

I do wish Smart TVs would be forced to allow access to the bootloader/firmware - at least once they give up on updating it themselves. Many people that are perfectly happy with their TV aside from it being a bloated slow software experience, creating all that hardware waste because the software side fails is silly.
(Same thing should go for phones/cars etc imo. For those that want to go 'but but car, safety' - 'Separation of concerns' is a thing in software development)
 
tbf it stated:

So a dumb TV if you were to use a 'smart' external box could still be a target. (And presumably people want to watch Netflix/Apple TV etc)

I do wish Smart TVs would be forced to allow access to the bootloader/firmware - at least once they give up on updating it themselves. Many people that are perfectly happy with their TV aside from it being a bloated slow software experience, creating all that hardware waste because the software side fails is silly.
(Same thing should go for phones/cars etc imo. For those that want to go 'but but car, safety' - 'Separation of concerns' is a thing in software development)
This isn't the first time Smart TVs have been targeted. Further, what makes me so angry about smart TVs is that they disable features like HDR, Dolby atmos and other quality features. Go try to stream 4k video from your laptop or PC over HDMI. It is a pain in the absolute *** to get the best experience from a PC on a smart TV. You can get a better experience from pirated content than from a streaming service over a PC. And they say this is to stop piracy, but goto any torrent site and tell me how well that's working out for them? Piracy wouldn't exist if there wasn't a demand for it. I have a projector and it's a dumb projector, but I didn't spend new car money on a home theater to have an "okay experience". And streaming boxes exist to work around this limitation, but the era of building your own streaming box is over. Hulu deliberately gimps black levels when streaming outside an official app so I cancelled them the moment I figured that out. People who live in third world countries and watching at 1080p are not the ones downloading 4k blue rays.

It's not just smart TVs, though, it's smart everything. I was at Home Depot awhile back and saw a smart dishwasher. I look at this things and wonder what problem does this solve? And I know what problem it solves, it's there to collect data about your network traffic so the manufacturer can sell it to advertisers and the brick the device with a firmware update after a few years to force you to buy another one. Nothing about smart devices solves any meaningful or useful for the consumer. Infact, smart devices are the biggest anti-consumer product ever made.
 
Be nice if we could get dumb TVs, we are going to be playing this cat and mouse game with smart devices
Keep your TV off the Internet, and it'll never be hacked, smart or dumb.

I do wish Smart TVs would be forced to allow access to the bootloader/firmware - at least once they give up on updating it themselves.
Most smart TVs (excluding Roku) have a developer mode and/or can be rooted for direct access. Or you can take the more sane approach of using your TV as a dumb monitor and first routing all web traffic through your own device.

Further, what makes me so angry about smart TVs is that they disable features like HDR, Dolby atmos and other quality features.
I don't know of **any** TV that forcibly disables these features, though many of them will allow you the choice to disable them.
 
Go try to stream 4k video from your laptop or PC over HDMI. It is a pain in the absolute *** to get the best experience from a PC on a smart TV. You can get a better experience from pirated content than from a streaming service over a PC.
Annoyingly it's not just the TV manufacturers.
The streaming services themselves treat desktops/laptops with contempt as well. No 4k due to DRM nonsense.

Even on my LG TV getting the 'best' experience is a pain.
Amazon 4k through the native TV app WILL force HDR on and the HDR implementation is distractingly bad (you can see the 'zones' activating because they're huge).
Don't get a proper 4k stream on laptop so connecting that over 4k is a no go.
Casting it from a smartphone is a frame dropping crappy experience.
So the best way to watch Amazon in 4k on my LG TV is... by using an Amazon FireTV stick.

Or you know, alternatively I could download a 4k rip of the Amazon content I want to watch and watch it on any device I want at full quality. In an ironic twist it turns out that the DRM that's supposed to prevent piracy end up being part of what drives a demand for piracy.

When piracy is the best option for watching content you're already paying for something is going terribly wrong. Streaming services really should loosen DRM restrictions as not to screw over legitimate customers. The film studios insisting on these proven to be useless DRM demands will just have to play ball if the streaming services form a united front.
 
I don't know of **any** TV that forcibly disables these features, though many of them will allow you the choice to disable them.
It happens through the HDMI protocol. I built my own firewall so I can monitor all network traffic. I blocked my Samsung TV from calling back to Samsung because every time the Hulu and Netflix apps would verify that nothing was "off" and it was okay to stream. This happens on PCs, too. I was curious why HDR kept getting shut off when I would stream from a browser on my PC or that my TV couldn't give a security handshake to whatever app I was using and suddenly HDR would get shut off. Turn get HDR to turn back on o would first have to shut off the TV, then shut off the PC, turn the TV back on and then restart the PC. After that I would be able to turn HDR back on. And I stopped allowing my TV to access Samsung's servers because I noticed it was pinging my network constantly and sending large quantities of data back to Samsung in an encrypted file. After a bit of research, I found out that the smart TV was trying to monitor all traffic on my network. To that I have to ask, why does my Smart TV have monitor what games my daughter is playing on her laptop or when? And the fact that I'm being punished for discovering this and disabling their ability to do this stuff on my network, on my hardware using my Internet was as disgusting as it is disrespectful. We're also in an era of age verification for minors so why do smart devices have a right to spy on my underage daughter but she can't play Roblox or RuneScape?
 
Last edited:
It happens through the HDMI protocol... {wall of words omitted} ...so why do smart devices have a right to spy on my underage daughter but she can't play Roblox or RuneScape
None of this supports your allegation that smart TVs are intentionally disabling HDR or Dolby Atmos. If you're having difficulty, I suspect you're using either an outdated HDMI cable, or facing a hardware limitation on one of your HDMI ports.
 
None of this supports your allegation that smart TVs are intentionally disabling HDR or Dolby Atmos. If you're having difficulty, I suspect you're using either an outdated HDMI cable, or facing a hardware limitation on one of your HDMI ports.
Part of HDMI is that it supports a hand shake for authentication as part of the DRM. This isn't an allegation, it's fairly common knowledge. But when I disable my Samsungs ability to make a handshake with servers outside my network, the stream quality drops and just try stream content from your browser instead of the app. Prime, Netflix and Hulu all do this but the HDR content from YouTube works fine. Youtube does not have the same requirements from user generated content that other streaming services do. And HDR works fine when the DRM is removed and I okay things in VLC.

I do not believe this is all a coincidence. Coincidences happen everyday but I don't trust coincidences
 
Part of HDMI is that it supports a hand shake for authentication as part of the DRM. This isn't an allegation, it's fairly common knowledge. But when I disable my Samsungs ability to make a handshake with servers outside my network, the stream quality drops and just try stream content from your browser instead of the app. Prime, Netflix and Hulu all do this but the HDR content from YouTube works fine. Youtube does not have the same requirements from user generated content that other streaming services do. And HDR works fine when the DRM is removed and I okay things in VLC.

I do not believe this is all a coincidence. Coincidences happen everyday but I don't trust coincidences
My smart TV has no network access, and I have no issue broadcasting 4k video from my PC. Same with HDR enablement. My audio doesnt go through the TV at all.

Perhaps your Samsung is just garbage. If you are trying to broadcast from an app on the TV, then no duh interrupting communication is going to prevent you from streaming 4k. You're preventing the handshake. But that isnt HDMI, that is the web connection you are interrupting. From a browser, if you cant get proper 4k you either have an improper HDMi cable or there is something wrong with your setup preventing a handshake. Your TV doesnt need internet to get HDCP working properly.
 
My smart TV has no network access, and I have no issue broadcasting 4k video from my PC. Same with HDR enablement. My audio doesnt go through the TV at all.

Perhaps your Samsung is just garbage. If you are trying to broadcast from an app on the TV, then no duh interrupting communication is going to prevent you from streaming 4k. You're preventing the handshake. But that isnt HDMI, that is the web connection you are interrupting. From a browser, if you cant get proper 4k you either have an improper HDMi cable or there is something wrong with your setup preventing a handshake. Your TV doesnt need internet to get HDCP working properly.
That TV was sold earlier this year and I ended up paying a great deal of money for a true 4k120dlp dumb projector
 
Back