By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Google, FBI and industry partners disrupt NetNut malicious proxy network
Share
Font ResizerAa
TechgoonduTechgoondu
Font ResizerAa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > Google, FBI and industry partners disrupt NetNut malicious proxy network
CybersecurityEnterprise

Google, FBI and industry partners disrupt NetNut malicious proxy network

Ai Lei Tao
Last updated: July 7, 2026 at 7:25 PM
Ai Lei Tao
Published: July 7, 2026
4 Min Read

Working with the FBI and industry partners, Google has “seriously degraded” a large malicious residential proxy network called NetNut that enabled hackers to hide their activity online to mount cyberattacks.

By connecting to the Internet via home devices such as PCs or smart TVs, NetNut helped to disguise the malicious activity as online traffic from real users so they won’t be blocked by cyber defences.

NetNut is considered one of the largest and most popular residential proxy networks, with an estimated two million devices distributed worldwide, according to the Google Threat Intelligence Group (GTIG) last week.

Together with Lumen, Shadowserver and the FBI in the United States, Google has now disrupted this key infrastructure used by hackers to secretly prepare for an attack.

ILLUSTRATION: Unsplash

As part of the recent operation, Google dismantled Google accounts and associated services used by NetNut for malware command-and-control (C2) activity, which the company said violated its user policy.

Google also shared technical intelligence on NetNut software development kits and backend infrastructure with platform providers, law enforcement agencies and research firms to support wider enforcement efforts.

In addition, Google’s Play Protect, security protection that is built into Android, will warn users and disable applications that have NetNut software development kits (SDKs), and protect against future installation attempts.

Google expects that these actions will degrade NetNut’s proxy network and business operations, reducing the available pool of devices for the proxy operator by millions.

The disruption follows Google’s January 2026 action against IPIDEA proxy network, believed to be one of the largest residential proxy networks in the world. According to the company, IPIDEA’s proxy infrastructure is part of a digital ecosystem leveraged by malicious actors.

Residential proxy networks allow customers to route traffic through Internet service provider-owned IP addresses, making malicious activity appear as though it is coming from ordinary home users.

Such networks are built by enrolling code running on home devices on a malicious network as exit nodes.

In some instances, this malware is pre-installed before purchase, or unwittingly downloaded and installed by users.

Google warns that this can create serious risks to device owners, whose home IP addresses can be used by attackers as a launchpad for hacking or other unauthorised activities. Their legitimate traffic can also be flagged as suspicious or blocked by service providers.

In one week in June 2026, Google observed 316 distinct threat clusters using suspected NetNut exit nodes, which included cybercriminal and espionage groups.

Consumers should be wary of applications that offer payment in exchange for unused bandwidth or “sharing your Internet,” as these may be used by malicious proxy networks to expand its network and open security vulnerabilities on the device’s home network, according to Google.

Users are advised to download apps only from official app stores, review permissions for third-party virtual private networks (VPNs) and proxies, and keep Google Play Protect enabled.

They are also encouraged to buy connected devices only from reputable manufacturers and to check that their Android devices are Play Protect-certified.

Despite the latest disruptions, Google expects the residential proxy industry to continue to grow rapidly, with more work required to combat malicious residential proxy networks.

The company encourages mobile platforms, Internet service providers, and other technology platforms to continue sharing intelligence and to take direct action to block malicious C2 infrastructure.

“While point-in-time disruptions are a critical tool to protect our users, continued and coordinated effort is needed to reduce malicious proxy networks in the long run,” the company said in a blogpost. 

Cars in the crosshairs: Automakers, regulators take on cybersecurity
Keysight’s 2023 technology predictions: Insights from a test and measurement leader
Modern manufacturing strategies fuel in-circuit test advances
Oracle, Google join race to boost AI cloud infrastructure in Southeast Asia
Equinix SG5 phase one opens, positioned to connect digital infrastructure
TAGGED:botnetFBIGoogleGTIGNetNutresidential proxy networkSmart TV

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Whatsapp Whatsapp LinkedIn Copy Link Print
Avatar photo
ByAi Lei Tao
Ai Lei is a writer who has covered the technology scene for more than 20 years. She was previously the editor of Asia Computer Weekly (ACW), the only regional IT weekly in Asia. She has also written for TechTarget's ComputerWeekly, and was editor of CMPnetAsia and Associate Editor at Computerworld Singapore.
Previous Article Honor Magic V6 review: A more durable foldable smartphone
Next Article Inside new Vertiv plant in Johor, a race to keep data centres cool
Leave a Comment

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

FacebookLike
XFollow

Latest News

Inside new Vertiv plant in Johor, a race to keep data centres cool
Enterprise
July 7, 2026
Honor Magic V6 review: A more durable foldable smartphone
Cellphones Mobile
July 6, 2026
Data for 70,000 people compromised in Singapore after government test system exposed
Cybersecurity Enterprise
July 3, 2026
Tata Communications to spend US$152 million to expand India-Singapore subsea cable capacity
Enterprise Telecom
July 2, 2026

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.


banner							
banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON

banner							
banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT

banner							
banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
© 2026 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact
Follow Us!
Hear the signal from the noise. Essential tech analysis from our Reality Check newsletter.

Zero spam. Unsubscribe at any time.

Loading Comments...

    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Lost your password?