Skip to main content
Emerging ThreatsMalware & Ransomware

Google Disrupts NetNut Residential Proxy Botnet

Living room entertainment center with smart TV, streaming box, and network equipment in background.

"A streaming box should not need a threat model." That line, lifted verbatim from this week’s brief, sets the frame: ordinary, trusted pieces of technology and code — smart TVs, demo repositories, browser APIs, password reset flows — repeatedly served as the single step attackers needed to turn benign systems into persistent footholds.

NetNut residential proxy network disrupted

Google, working with the U.S. Federal Bureau of Investigation (FBI), Lumen, and other partners, moved to disrupt the NetNut residential proxy network (also known as Popa). Google said it disabled Google accounts and associated Google services used by NetNut for malware command-and-control (C2), updated Google Play Protect, and disabled applications known to incorporate NetNut SDKs. The operator’s infrastructure is estimated to include at least 2 million devices worldwide.

According to Google, NetNut "populates its botnet by distributing SDKs for devices commonly found in homes, such as smart TVs and streaming boxes," and Google identified NetNut botnet plugin components for large-scale botnets such as BADBOX 2.0. Devices were compromised either because they were pre-installed with malware before purchase or because users unknowingly downloaded applications that contained hidden proxy code. The end goal is to route traffic through these devices, allowing bad actors to mask malicious activity.

ChocoPoC and the poisoned dependency 'skytext'

Researchers hunting proof-of-concept (PoC) exploit repos on GitHub were targeted by a supply-chain style trick: the visible PoC appeared clean, but it pulled a malicious dependency named "skytext." The payload, labeled ChocoPoC, is a full-featured trojan that can harvest passwords, cookies, autofill data, and browser history from Chrome, Brave, Edge, and Firefox. It also collects text files, notes, local databases, shell history, network settings, and a list of running processes, and supports running arbitrary shell commands or Python code.

The technique is a reminder that clean surface code can hide harmful dependencies — and that repository maintainers, vulnerability researchers, and automated searchers are attractive targets when they treat a PoC as a trusted artifact.

AI-generated browser ransomware and indirect prompt injection

Check Point researchers described a novel artifact produced with a tool called DeepSeek that chains an AI-generated approach to a real browser capability: the picker-based File System Access API in Chromium-based browsers. The result was a working ransomware technique that runs entirely inside the browser on Windows, Linux, macOS, and Android. Check Point noted there is "no evidence that the browser-native ransomware pattern has been abused in the wild," but warned of the significance: "For the first time, we have evidence that an AI model can independently reason across legitimate platform features and surface a working attack technique that humans had only theorised about – without the attacker ever knowing the underlying API existed."

At the same time, Zscaler described campaigns using indirect prompt injection (IPI) to influence AI agents by hiding instructions on web pages, combining SEO poisoning with CSS/HTML abuse. Zscaler warned that when "AI agents misclassify malicious websites as legitimate, they increase the risk of context contamination and downstream Retrieval-Augmented Generation (RAG) poisoning." Together these items show two trends: AI can invent usable attack chains by reasoning across interfaces, and web content can be weaponized to manipulate agentic systems.

Exploit trends: CVE volume and the Laravel Livewire campaign

ProjectDiscovery reported a surge in vulnerability publications, noting that 30,550 CVEs have been published so far in 2026 — a figure the researchers said is expected to eclipse 2025's total of 49,458 CVEs — with thousands rated critical or high. The weekly trending list included dozens of high-priority identifiers, from CVE-2026-46242 (Bad Epoll) to Adobe ColdFusion (CVE-2026-48315) and a range of Google Chrome fixes (CVE-2026-13774 through CVE-2026-13788).

Active exploitation remains acute: attackers used a critical unauthenticated RCE in Laravel Livewire (CVE-2025-54068) to compromise more than 6,100 applications and deliver a credential stealer. Imperva’s recovery of attacker infrastructure showed credentials harvested from 6,167 distinct applications, 1,851+ database dumps, and 18+ email lists totalling more than 26 million addresses — activity the company attributed to an Indonesian-origin threat actor.

What this means for security teams, vulnerability researchers, and device buyers

  • Security teams and developers: Treat third‑party SDKs, demo repos, and browser features as attack surfaces; prioritize patching the high-severity CVEs listed and assume dependencies can carry malicious code.
  • Vulnerability researchers and repository maintainers: Verify dependencies and implement provenance checks for PoC code; the ChocoPoC pattern shows a clean-seeming exploit can be a delivery mechanism for a trojan.
  • End users and device buyers: Recognize that apparently ordinary devices — smart TVs, streaming boxes, pre-installed apps — can be repurposed as proxy nodes; software updates and cautious app installation remain crucial.

There is a throughline in this week’s incidents: attackers repeatedly exploited trust that stopped one layer too soon. As the brief concluded: "Patch what is yours. Question what looks too clean. And maybe stop assuming the boring parts are safe just because they look boring."

Original story