A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes.

Also known as Popa, the NetNut botnet allowed cybercriminals and espionage groups to hide behind legitimate home internet addresses when launching attacks.

According to the Google Threat Intelligence Group (GTIG), the residential proxy botnet is estimated to comprise at least two million compromised devices.

"GTIG estimates Netnut controls at least 2 million infected devices globally (including smart TVs and streaming boxes), powered by trojanized applications and botnets like Badbox 2.0 that package proxy plugins," Google told BleepingComputer.

Residential proxy networks work by compromising home systems and selling access to them, allowing threat actors to conceal malicious traffic by routing it through the victims' residential IP addresses.