New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm
-
New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm
"For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."
https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.
@briankrebs
Is it possible to shut these proxies down at a firewall or via DNS filtering?
My Tizen TV does a lot of network accesses when turned on (which is why I actually cut the power to it when not in use...) and I'm not sure what I would be looking for to see if somehow I got affected by this? -
@briankrebs
Is it possible to shut these proxies down at a firewall or via DNS filtering?
My Tizen TV does a lot of network accesses when turned on (which is why I actually cut the power to it when not in use...) and I'm not sure what I would be looking for to see if somehow I got affected by this?@dirkhh if they're doing DoH and use some smart TLS-fronting strategies, it might be close to impossible to block while maintaining regular online functionality.
If...
-
@AAKL certainly that is one aspect of it. It is how the proxy companies are all recasting themselves and trying to wash their reputation by association with scraping for AI stuff. Like they're now critical infrastructure or something. Anyway, there's an entire section of the story on this codependency.
@briankrebs Customers should probably sue Samsung and LG for this.
-
New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm
"For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."
https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.
@briankrebs
I get lost in the weeds quickly when it comes to cyber security, but even I can grasp the gist of this. I think I'll unplug the living room TV that I almost never turn on. A woman's home is no longer her castle, she has to share it with spiders and other creepy crawlies. I already unplug the Bluetooth speaker when I'm no using it. -
New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm
"For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."
https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.
@briankrebs
Thank you. I have posted your article into our Discord. #iptv -
@briankrebs Customers should probably sue Samsung and LG for this.
@AAKL @briankrebs I wish case law supported suing for gross negligence in the IT hardware and Software space, but it clearly does not, and thus we have vulnerability backlogs in the thousands of known issues and hundreds of thousands of undocumented vulnerabilities awaiting discovery
-
New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm
"For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."
https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.
@briankrebs
Tired: The Chinese are spying on everybody via their TVs.
Wired: The Israelis are spying on everybody via the Chinese TVs. -
@briankrebs
Thank you. I have posted your article into our Discord. #iptv@GilQ thanks, Gil!
-
New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm
"For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."
https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.
@briankrebs super-interesting, thanks.
What is the residential proxy network Popa used for explicitly? Like you mentioned; possible uses would be ad fraud, cryptography, ddos attacks etc.
Is Popa linked to IP Royal or another proxy site? This raises serious questions for the Data Protection Commissioner in Europe i'd imagine...
Is the open-proxy hijacking of your tv system clearly spelled out in the terms and conditions of these apps? What does their privacy policy say?
-
@AAKL @briankrebs I wish case law supported suing for gross negligence in the IT hardware and Software space, but it clearly does not, and thus we have vulnerability backlogs in the thousands of known issues and hundreds of thousands of undocumented vulnerabilities awaiting discovery
@magnesium @AAKL @briankrebs Is there a country where it does ? Jurisdiction farming isn't solely for the rich corporates
-
P pelle@veganism.social shared this topic
