‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

The Popa botnet, active for four years and impacting millions of Android TV boxes, has been linked to NetNut, a residential proxy service operated by the Israeli firm Alarum Technologies Ltd. Researchers from multiple security firms identified this connection this week. Popa's primary function is not destructive attacks but rather to establish a persistent communication layer for compromised devices. These devices, often sold as inexpensive streaming boxes, are pre-installed with software that turns users' home internet addresses into residential proxies. This allows third parties to route their internet traffic through these compromised devices. Security experts note that Popa is a component of the Vo1d botnet, which targets unofficial Android-based TV boxes. The FBI and security industry have previously warned about the risks associated with these devices, including the potential for malicious customers to compromise local networks of unsuspecting device owners. Alarum Technologies Ltd is publicly traded on NASDAQ under the ticker ALAR.