:

GOOGLE DISRUPTS NETNUT PROXY NETWORK, CUTS 2M DEVICES

INDUSTRY DESK2 MIN READ
FRI, JUL 3, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Google has disrupted NetNut, a residential proxy network that compromised millions of Android devices, smart TVs, and streaming boxes. The joint operation effectively severed access to the infected devices.

A coordinated effort involving Google has dismantled NetNut, a residential proxy network that exploited approximately 2 million compromised devices to route traffic and mask user identities online. ■ The Network NetNut operated by leveraging infected Android devices, including smart TVs and streaming boxes, to create a proxy infrastructure. Users of the service could route internet traffic through these compromised devices to obscure their origins and bypass geographic restrictions or security measures. ■ The Operation Google's intervention successfully disrupted the network's operations, disconnecting the 2 million infected devices from the proxy infrastructure. The action prevents future use of these devices for proxy traffic routing. ■ Implications The disruption affects multiple stakeholder groups. Device owners regain control of their compromised hardware, though many may remain unaware their devices were enlisted without consent. Organizations that relied on NetNut for web scraping, ad verification, or security testing lose access to the service. Cybersecurity researchers note that residential proxy networks create significant challenges for online security and platform integrity. ■ Context Residential proxy services operate in a gray area of legality and ethics. While legitimate uses exist—including security research and ad verification—these networks frequently enable abuse including credential stuffing, price scraping, and content theft. The devices are typically compromised through malware, cracked apps, or deceptive software installation. Google's action represents a broader effort by major technology companies to combat infrastructure that enables abuse at scale. Similar operations have targeted other malicious networks and botnets in recent years. ■ Next Steps Device owners may need to take remedial action to ensure their hardware is fully cleaned of malware. Google has not announced specific user notification procedures. The operation demonstrates that even large-scale distributed networks can be disrupted through coordinated technical and legal action.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Fraud losses extend far beyond chargebacks. False declines, account takeovers, and customer abuse collectively damage revenue and erode trust, according to fraud prevention analysis.

JUST NOWIndustry Desk

Zimbra has issued an urgent security advisory urging customers to patch a critical cross-site scripting (XSS) vulnerability in its Classic Web Client. The flaw affects users of the Zimbra Collaboration suite.

JUST NOWIndustry Desk

Facewatch, a facial recognition system used by major retailers including Sainsbury's and B&M, is launching real-time police alerts for serious offenders. Civil liberties groups have raised concerns about the technology's surveillance implications.

JUST NOWIndustry Desk

Bright Data Ltd., an Israel-based web scraping startup, announced a $1 million bug bounty program as law enforcement intensifies oversight of the data collection industry.

2H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.