Based on reporting by The Hacker News →
Introduction
If your home router suddenly starts serving traffic to a stranger in another country without your knowledge, you are no longer just a user — you are part of a commercial relay network. Google’s Threat Intelligence Group (GTIG) has just dealt a significant blow to one of the largest such operations, a network known as NetNut (also tracked internally as Popa), which had built a business around renting out other people’s home connections.
The problem
This week, as reported by The Hacker News, Google announced that it had substantially degraded NetNut, one of the world’s largest residential proxy networks. Working alongside the FBI, Lumen Technologies, and other partners, Google’s Threat Intelligence Group (GTIG) said it had reduced the network’s pool of usable home devices by millions. NetNut, also known by the codename Popa, is described by Google as a network spread across home routers and devices, turning them into paid relays for third-party traffic — often without the device owner’s informed consent.
Consequences
The real-world impact here is twofold. First, for the millions of device owners whose hardware was quietly co-opted, their internet connection became a vector for someone else’s activity — potentially including malicious browsing, credential-stuffing, or even worse traffic that could be traced back to their own IP. Second, for businesses, these residential proxy networks are a favorite tool for attackers who want to blend in with legitimate home traffic, bypassing geo-restrictions, rate limits, and IP-reputation lists. Every company that relies on IP-based trust a layer deeper now faces a smaller margin for error.