What’s going on?

Big tech poked a sleeping giant — Google’s threat intelligence crew, working with law enforcement and partners, has managed to significantly degrade a massive residential proxy operation that was siphoning home internet connections for other people’s traffic. The network reportedly included roughly 2 million devices, meaning your humble smart TV or bargain streaming stick might have been moonlighting as someone else’s internet exit.

Here’s the dumb-but-scary version: operators get software running on consumer gear (sometimes preinstalled on cheap hardware or bundled into a seemingly innocent free app). Once installed, that device becomes an “exit node” — a convenient doorway that lets strangers route web requests through your home connection so their traffic looks like normal residential browsing instead of datacenter activity that defenders block.

That setup is attractive to cybercrooks and shady services alike. Researchers found this pool being used by many different threat clusters — everything from credential-stuffing and password-guessing crews to espionage-style operators — because it anonymizes their origin and makes blocking them harder.

Unlike a messy, criminal-only botnet, the infrastructure under discussion traces back to a commercial service run by a public company called Alarum Technologies. The company says it provides consensual bandwidth-sharing software and rejects the term “botnet,” while security researchers found that some apps tied to the service didn’t show obvious consent prompts. That gap — whether intent was malicious or negligent — is a big part of why defenders stepped in.

Why this matters (and what you can do)

Cutting off one provider is a win, but networks like this are built to be resilient. The operators sell access through resellers and white-label brands, so when one gate closes, another often pops up. That’s why Google describes its action as a degradation rather than a permanent kill: the demand for residential IPs doesn’t vanish, it just finds a new supplier.

So what can you do at home besides sigh loudly and check your router?

  • Be suspicious of apps that promise to pay you for “sharing your internet” or “using your unused bandwidth.” If it sounds like cash for clicks, it probably is.
  • Stick to official app stores and read permissions. A VPN or proxy app asking for broad local network access or device admin rights is a red flag.
  • Keep platform protections enabled (eg, app store malware scanning and built-in security settings).
  • Buy hardware from reputable brands when possible. Off-brand streaming boxes and Android TV knockoffs are common infection vectors.
  • Patch your devices and change default passwords on routers and IoT gadgets. If an attacker can guess or exploit a device, they’ll use it.

In short: the ecosystem is stubborn, the problem will probably evolve, and platforms will need to keep chasing reseller chains and related providers to make a lasting dent. For everyday users, common-sense app hygiene and better hardware choices are the best immediate defenses.