Popa Android botnet tied to Alarum Technologies’ NetNut residential proxies
Source headline: ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
Intelligence Summary
A large Android-based botnet known as Popa has been active for about four years. It appears to compromise consumer TV boxes and use them to relay internet traffic. The relayed traffic is associated with ad fraud, account takeovers, and large-scale data scraping. Multiple security firms link Popa’s operations to NetNut, a residential proxy service run by Alarum Technologies Ltd. Because the relayed traffic exits through residential-style infrastructure, the activity can be harder to detect and block. Users and operators who rely on web services should tighten abuse monitoring and controls on proxy traffic.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.