<![CDATA[New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm]]>New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm

"For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."

https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/

There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

]]>https://forum.fedi.dk/topic/988f849f-5c64-46a1-9ba5-92d3eef8cd44/new-from-me-popa-botnet-linked-to-publicly-traded-israeli-firmRSS for NodeMon, 22 Jun 2026 14:22:46 GMTThu, 18 Jun 2026 17:51:48 GMT60<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 22:33:14 GMT]]>@magnesium @AAKL @briankrebs Is there a country where it does ? Jurisdiction farming isn't solely for the rich corporates

]]>https://forum.fedi.dk/post/https://mastodon.social/users/etchedpixels/statuses/116773486233615487https://forum.fedi.dk/post/https://mastodon.social/users/etchedpixels/statuses/116773486233615487Thu, 18 Jun 2026 22:33:14 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 21:45:38 GMT]]>@briankrebs super-interesting, thanks.

What is the residential proxy network Popa used for explicitly? Like you mentioned; possible uses would be ad fraud, cryptography, ddos attacks etc.

Is Popa linked to IP Royal or another proxy site? This raises serious questions for the Data Protection Commissioner in Europe i'd imagine...

Is the open-proxy hijacking of your tv system clearly spelled out in the terms and conditions of these apps? What does their privacy policy say?

]]>https://forum.fedi.dk/post/https://mastodon.ie/ap/users/116760152496243117/statuses/116773299045979030https://forum.fedi.dk/post/https://mastodon.ie/ap/users/116760152496243117/statuses/116773299045979030Thu, 18 Jun 2026 21:45:38 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 19:50:56 GMT]]>@GilQ thanks, Gil!

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/briankrebs/statuses/116772848010758174https://forum.fedi.dk/post/https://infosec.exchange/users/briankrebs/statuses/116772848010758174Thu, 18 Jun 2026 19:50:56 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 19:31:41 GMT]]>@briankrebs
Tired: The Chinese are spying on everybody via their TVs.
Wired: The Israelis are spying on everybody via the Chinese TVs.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/bontchev/statuses/116772772341731040https://forum.fedi.dk/post/https://infosec.exchange/users/bontchev/statuses/116772772341731040Thu, 18 Jun 2026 19:31:41 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 19:22:46 GMT]]>@AAKL @briankrebs I wish case law supported suing for gross negligence in the IT hardware and Software space, but it clearly does not, and thus we have vulnerability backlogs in the thousands of known issues and hundreds of thousands of undocumented vulnerabilities awaiting discovery

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/magnesium/statuses/116772737260269942https://forum.fedi.dk/post/https://infosec.exchange/users/magnesium/statuses/116772737260269942Thu, 18 Jun 2026 19:22:46 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 19:09:01 GMT]]>@briankrebs
Thank you. I have posted your article into our Discord.

]]>https://forum.fedi.dk/post/https://c.im/users/GilQ/statuses/116772683195070997https://forum.fedi.dk/post/https://c.im/users/GilQ/statuses/116772683195070997Thu, 18 Jun 2026 19:09:01 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 19:04:05 GMT]]>@briankrebs
I get lost in the weeds quickly when it comes to cyber security, but even I can grasp the gist of this. I think I'll unplug the living room TV that I almost never turn on. A woman's home is no longer her castle, she has to share it with spiders and other creepy crawlies. I already unplug the Bluetooth speaker when I'm no using it.

]]>https://forum.fedi.dk/post/https://sfba.social/users/Puck/statuses/116772663838137166https://forum.fedi.dk/post/https://sfba.social/users/Puck/statuses/116772663838137166Thu, 18 Jun 2026 19:04:05 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 18:24:37 GMT]]>@briankrebs Customers should probably sue Samsung and LG for this.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/AAKL/statuses/116772508614151234https://forum.fedi.dk/post/https://infosec.exchange/users/AAKL/statuses/116772508614151234Thu, 18 Jun 2026 18:24:37 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 18:22:04 GMT]]>@dirkhh if they're doing DoH and use some smart TLS-fronting strategies, it might be close to impossible to block while maintaining regular online functionality.

If...

@briankrebs

]]>https://forum.fedi.dk/post/https://mastodon.social/users/eliasp/statuses/116772498585794133https://forum.fedi.dk/post/https://mastodon.social/users/eliasp/statuses/116772498585794133Thu, 18 Jun 2026 18:22:04 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 18:17:11 GMT]]>@briankrebs
Is it possible to shut these proxies down at a firewall or via DNS filtering?
My Tizen TV does a lot of network accesses when turned on (which is why I actually cut the power to it when not in use...) and I'm not sure what I would be looking for to see if somehow I got affected by this?

]]>https://forum.fedi.dk/post/https://hachyderm.io/users/dirkhh/statuses/116772479410827361https://forum.fedi.dk/post/https://hachyderm.io/users/dirkhh/statuses/116772479410827361Thu, 18 Jun 2026 18:17:11 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 18:16:39 GMT]]>@AAKL certainly that is one aspect of it. It is how the proxy companies are all recasting themselves and trying to wash their reputation by association with scraping for AI stuff. Like they're now critical infrastructure or something. Anyway, there's an entire section of the story on this codependency.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/briankrebs/statuses/116772477277859553https://forum.fedi.dk/post/https://infosec.exchange/users/briankrebs/statuses/116772477277859553Thu, 18 Jun 2026 18:16:39 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 18:03:13 GMT]]>@briankrebs This might be off the mark, but I'm wondering if this is more about data scraping than anything else, given the recent trends and Android's prevalence in related regions.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/AAKL/statuses/116772424456336076https://forum.fedi.dk/post/https://infosec.exchange/users/AAKL/statuses/116772424456336076Thu, 18 Jun 2026 18:03:13 GMT<![CDATA[Reply to New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm on Thu, 18 Jun 2026 17:57:25 GMT]]>@briankrebs Wow

]]>https://forum.fedi.dk/post/https://cyberplace.social/users/khleedril/statuses/116772401696925111https://forum.fedi.dk/post/https://cyberplace.social/users/khleedril/statuses/116772401696925111Thu, 18 Jun 2026 17:57:25 GMT