🔐
Security 📅 2026-07-04 · 12:16 PM IST ⏱ 3 min read

Google Shuts Down Major Android Device Hijacking Network Used for Phishing Attacks

Google dismantles NetNut proxy service that controlled millions of compromised Android devices for cybercrime operations.

Breaking: Major Cybercrime Infrastructure Taken Down

Authorities have successfully shut down NetNut, a large-scale criminal operation that had infected millions of Android devices—including smart televisions and streaming media boxes—and turned them into unwilling accomplices in cyberattacks. The takedown, led by Google in partnership with international law enforcement, represents a significant blow to organized cybercriminals who were using these devices to hide their tracks while launching phishing campaigns and other malicious activities.

Think of NetNut as a massive puppet master operation. Criminals had secretly installed malicious software on everyday consumer devices sitting in homes around the world. These compromised gadgets became digital proxies—intermediaries that masked where criminal traffic was coming from, much like wearing a disguise to hide your real identity.

Understanding the Threat

The criminal group was operating what experts call a "residential proxy network." This is essentially a web of hijacked devices that reroutes internet traffic through innocent people's homes. When a cybercriminal wants to launch a phishing attack—those deceptive emails or fake websites designed to steal passwords—they route it through these hijacked devices instead of their own computers. This makes it nearly impossible for security teams to track them down because the attack appears to come from legitimate residential internet addresses.

The scope was staggering. Millions of Android-based devices were compromised, from budget smartphones to smart TVs in living rooms across the globe. Most device owners had no idea their equipment was being weaponized.

Why This Matters for Everyone

This discovery exposes a growing problem in cybersecurity: attackers are increasingly turning consumer devices into weapons. Your television or streaming box isn't just for entertainment—if compromised, it becomes part of the infrastructure that enables sophisticated phishing and fraud schemes targeting businesses and individuals worldwide.

The takedown demonstrates that consumer devices represent a critical weak link in our collective digital security.

The connection to Microsoft 365 phishing is particularly troubling. Attackers were using this infrastructure to impersonate legitimate business communications, potentially deceiving employees into revealing company passwords and sensitive information.

What You Should Do Right Now

What Comes Next

This operation shows that law enforcement and major technology companies are actively working to dismantle criminal infrastructure. However, new threats constantly emerge. The cybersecurity landscape requires ongoing vigilance from both individuals and organizations.

Protecting yourself starts with understanding that every connected device in your home is potentially valuable to criminals—and taking steps to secure them accordingly.

📎 This is original ITVedas reporting. This story was inspired by coverage from bleepingcomputer.com. Visit the source for their original reporting.

Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.

Explore IT Chapters →