‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
Summary
A significant Android-based botnet named Popa, which has been active for four years and used millions of TV boxes for ad fraud, account takeovers, and data scraping, has been linked to NetNut. NetNut is a residential proxy service operated by the publicly-traded Israeli company Alarum Technologies Ltd.
IFF Assessment
The Popa botnet's association with a legitimate, publicly-traded company like NetNut indicates a sophisticated and potentially well-resourced operation that poses a significant threat to users and businesses.
Defender Context
This connection highlights how legitimate infrastructure can be co-opted for malicious purposes, making attribution and takedown efforts more challenging. Defenders should be aware of the potential for residential proxy services to be misused for botnet operations and data exfiltration.