When your smart TV becomes a tool for cybercriminals
Google, in collaboration with the FBI, network operator Lumen, and other partners, conducted a high-profile operation to take down the NetNut proxy network, also known as Popa. The case is particularly concerning because the attackers used it to target private households. According to Google’s Threat Analysis Team, the network included at least two million infected devices worldwide, with smart TVs and media streaming devices being the primary targets.
Research shows that this type of malicious code enters home devices via software development kits (SDKs). Users "get" it in two ways: the malicious code is either installed on the device before purchase, or users unknowingly download it themselves, along with a seemingly innocent application.
Once a device becomes part of this network, foreign web traffic starts flowing through your home connection. Your IP address is then used for scams, hacking, and password theft. This can cause your ISP to flag your connection as suspicious and even block your access to legitimate websites. Worse, attackers can use an infected device as a springboard to access all the other devices on your local network. In just one week in June 2026, Google detected 316 different attack groups exploiting NetNut, including financial criminals and government spies. Security companies have confirmed that the network was also misused to spread the dangerous Mirai botnet code.
Google acted quickly, blocking accounts and services that were providing control over this malicious code. Google Play Protect now automatically alerts and disables problematic apps. Despite its success, experts warn against the threat, as NetNut also offers other programs. This means that operators will likely try to rent capacity from competing botnet networks once their own is finally weakened.
To protect your home devices, it's crucial to avoid apps that promise money in exchange for sharing your internet bandwidth. It's recommended to only use official app stores, regularly check VPN permissions, and have Play Protect enabled. When purchasing TVs and streaming devices, always choose reputable manufacturers from Google's list of certified partners.



















