:

GOOGLE DISRUPTS NETNUT PROXY NETWORK, CUTS 2M DEVICES

INDUSTRY DESK2 MIN READ
FRI, JUL 3, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Google has disrupted NetNut, a residential proxy network that compromised millions of Android devices, smart TVs, and streaming boxes. The joint operation effectively severed access to the infected devices.

A coordinated effort involving Google has dismantled NetNut, a residential proxy network that exploited approximately 2 million compromised devices to route traffic and mask user identities online. ■ The Network NetNut operated by leveraging infected Android devices, including smart TVs and streaming boxes, to create a proxy infrastructure. Users of the service could route internet traffic through these compromised devices to obscure their origins and bypass geographic restrictions or security measures. ■ The Operation Google's intervention successfully disrupted the network's operations, disconnecting the 2 million infected devices from the proxy infrastructure. The action prevents future use of these devices for proxy traffic routing. ■ Implications The disruption affects multiple stakeholder groups. Device owners regain control of their compromised hardware, though many may remain unaware their devices were enlisted without consent. Organizations that relied on NetNut for web scraping, ad verification, or security testing lose access to the service. Cybersecurity researchers note that residential proxy networks create significant challenges for online security and platform integrity. ■ Context Residential proxy services operate in a gray area of legality and ethics. While legitimate uses exist—including security research and ad verification—these networks frequently enable abuse including credential stuffing, price scraping, and content theft. The devices are typically compromised through malware, cracked apps, or deceptive software installation. Google's action represents a broader effort by major technology companies to combat infrastructure that enables abuse at scale. Similar operations have targeted other malicious networks and botnets in recent years. ■ Next Steps Device owners may need to take remedial action to ensure their hardware is fully cleaned of malware. Google has not announced specific user notification procedures. The operation demonstrates that even large-scale distributed networks can be disrupted through coordinated technical and legal action.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

6H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.