The FBI and Google just took down a botnet that hijacked 2 million smart TVs
The FBI and Google just took down a botnet that hijacked 2 million smart TVs
The Popa botnet relied on a malicious software development kit embedded in low-cost Android-based devices, including smart TVs and streaming boxes, as well as unofficial apps such as SmartTube. Once those devices were connected, they began acting as proxy exit points without clearly informing users.
That setup allowed attackers to route malicious traffic through the infected devices, masking the origin of their activities. The botnet is estimated to have compromised roughly 2 million devices globally.
How the botnet operated
The malicious SDK was pre-installed on devices during manufacturing or added through third-party app stores. It operated without visible indicators to the user, making detection difficult.
- The SDK established persistent connections to command-and-control servers.
- Infected devices were used as residential proxies for various cybercriminal operations.
- Attackers could sell access to these proxy networks on underground markets.
The takedown operation
The FBI and Google's Threat Analysis Group coordinated the takedown, which involved:
- Seizing command-and-control infrastructure.
- Disrupting the botnet's communication channels.
- Notifying affected device manufacturers and app developers.
Google also pushed security updates to Android devices and removed malicious apps from the Play Store where applicable.
User impact and recommendations
Users of low-cost Android TV devices or streaming boxes should check for suspicious activity. Signs of infection include:
- Unexplained network traffic.
- Devices running slower than usual.
- Unexpected app installations.
Recommended actions include factory resetting affected devices, updating to the latest firmware, and avoiding unofficial app stores or sideloaded apps like SmartTube.
Comments
No comments yet. Start the discussion.