A report published this week by Krebs on Security, corroborated by independent research from Qurium, Synthient, Spur, Nokia Deepfield, and Black Lotus Labs, places the Popa botnet at the centre of a genuinely uncomfortable question: at what point does a commercial SDK become indistinguishable from malware? The answer, based on the technical evidence assembled across these reports, is that the distinction may be more of a legal and commercial artefact than a meaningful security boundary.
Popa's Architecture and Its Relationship to Vo1d
Popa is not a conventional botnet. It does not exfiltrate credentials in the traditional sense, nor does it coordinate distributed denial-of-service attacks. Its design is narrower and, from an operational security perspective, considerably more elegant. The botnet implements a persistent communications layer that registers a device, maintains long-lived encrypted tunnels, and opens proxied connections on demand. Chris Formosa of Black Lotus Labs describes it as averaging between 1.5 and 2.5 million distinct IP addresses per day, directed by a relatively lean command-and-control infrastructure of 250 to 300 relay nodes.
Popa is best understood as a plugin component within the broader Vo1d malware ecosystem. Vo1d has been extensively documented as a large-scale campaign targeting unofficial Android-based TV boxes, devices sold under thousands of brand names that promise access to premium streaming content for a one-time fee. The FBI and multiple security vendors have flagged these devices repeatedly, but they remain widely available on major e-commerce platforms. The Vo1d/Popa relationship is architecturally significant: Vo1d handles initial device compromise and persistence, while Popa handles the proxy monetisation layer. Separating these concerns makes the system more resilient to partial takedowns and complicates attribution.
Nokia Deepfield's Jérôme Meyer provides a sobering scale estimate. Monitoring only 26 of at least 359 known relay nodes, Nokia observed 750,000 unique source addresses within a 24-hour window. Extrapolating across all 359 nodes, assuming even conservative per-node client counts of 35,000 to 60,000, suggests a total device population substantially larger than Lumen's daily-active estimates. The discrepancy between these figures is itself methodologically informative: different measurement vantage points capture different slices of the botnet's activity, and no single sensor network has full visibility.
Attribution: The SDK Provenance Problem
The attribution chain assembled by Qurium is worth examining carefully, because it illustrates both the strengths and the inherent limitations of domain-based botnet attribution. Qurium began investigating Popa after observing a scraping event in May 2026 that distributed requests across more than 1.4 million IP addresses, targeting its hosted organisations. Tracing command-and-control infrastructure, they identified a cluster of domains including gmslb[.]net, safernetwork[.]io, tera-home[.]com, and ninjatech[.]io that co-hosted and moved in lockstep over time, a strong indicator of shared operational management.
The ninjatech[.]io domain is the critical link. Ninjatech was founded by Moishi Kramer, whose LinkedIn profile identifies him as VP of R&D at NetNut, a residential proxy service operated by the NASDAQ-listed Alarum Technologies. An F6S listing names Kramer as the sole owner of the Ninjatech domain. Kramer's response to these findings is technically defensible in a narrow sense: he states that the Popa SDK was sold and licensed to third parties approximately five years ago, that the original developer has no control over how licensees subsequently modify or deploy it, and that he does not control the ninjatech[.]io domain or the post-July 2025 infrastructure.
This is the SDK provenance problem in its clearest form. Once a software component is distributed as a licensable SDK, the original author's ability to constrain its deployment is contractual rather than technical. There is no cryptographic or architectural mechanism in most SDK distributions that prevents a licensee from stripping consent dialogs, modifying beaconing endpoints, or rebranding the component entirely. Synthient's finding that fewer than 20 genuine Popa publishers were observed requesting user consent, despite recent SDK builds adding that capability, is consistent with exactly this kind of downstream modification.
The stronger piece of evidence is Synthient's traffic analysis. By instrumenting their own platform to receive and inspect outbound connections from devices running Popa, Synthient observed traffic clearly associated with NetNut's proxy infrastructure. This is not domain co-hosting or WHOIS correlation; it is direct observation of data plane behaviour. The assessment that Popa devices are actively forwarding traffic for NetNut clients is grounded in this empirical observation, which is considerably harder to dismiss than circumstantial domain linkage.
Consent, KYC, and the Regulatory Gap
Alarum's public statement emphasises consent mechanisms, KYC procedures, and misuse monitoring. Spur's analysis directly contests the KYC claim, demonstrating that proxy access can be purchased through downstream resellers using nothing more than a disposable email address and a small cryptocurrency payment. This is not unusual in the residential proxy industry; the economics of reseller channels create strong incentives to minimise friction, and KYC requirements imposed at the top of the distribution chain do not propagate reliably to white-label resellers.
The consent question is structurally more difficult. Include Security's observation that privacy-policy disclosure is the wrong control surface for a television is precisely correct. The interaction model of a smart TV, navigated by directional keys on a remote, is fundamentally incompatible with informed consent to a network-layer service that persists indefinitely after the setup flow completes. Spur's finding that more than 42% of apps available on LG's webOS platform include residential proxy SDKs, and that more than 25% of Samsung Tizen apps do the same, indicates this is not a marginal phenomenon. It is the default monetisation model for a substantial fraction of the smart TV application ecosystem.
The Infoblox data adds a dimension that moves this beyond consumer harm. Sixty-five percent of Infoblox's enterprise customer base was querying residential proxy-related domains, with over 60% of government and banking customers included. When proxy SDKs are embedded in productivity applications installed on employee devices, the corporate network's IP space becomes part of the proxy pool. The incident response implications are serious: an attack routed through an employee's device could correctly be attributed to the organisation's address space, creating legal exposure and reputational damage that is difficult and expensive to untangle.
The AI Scraping Economy as Structural Driver
The timing of this research is not coincidental. Residential proxy providers have repositioned their marketing around AI training data acquisition, and the demand signal is real. Anti-bot services from Cloudflare, HUMAN, and DataDome have made datacenter IP ranges increasingly ineffective for large-scale web scraping. Residential proxies, by routing requests through genuine consumer ISP addresses, evade these controls. The result is that AI companies seeking training data, or the scraping intermediaries they contract with, have a strong economic incentive to consume residential proxy capacity at scale.
This creates a structural alignment between three previously distinct phenomena: the proliferation of cheap Android TV boxes pre-loaded with malicious SDKs, the residential proxy industry's need for a large and geographically diverse IP pool, and the AI industry's demand for web-scraped content that bypasses bot detection. The Popa botnet sits at the intersection of all three. The COAR survey finding that over 90% of academic repository operators encounter aggressive bots more than once a week, frequently causing service outages, is a direct downstream consequence of this alignment.
The comparison to IPIDEA is instructive. That China-based provider operated a daily pool approaching 10 million devices before Google and industry partners seized its control domains in January 2026. Popa's 1.5 to 2.5 million daily active nodes are smaller, but Formosa's point about amplification through reselling is important: because NetNut's proxy pool is itself resold by numerous downstream providers, Popa-sourced IP addresses appear across a wide range of proxy services simultaneously. The effective reach of the botnet in terms of how many distinct services can route traffic through it is larger than the raw node count suggests.
What Comes Next
The July 2025 BadBox 2.0 disruption by Google, HUMAN Security, and Trend Micro demonstrated that coordinated domain seizure can temporarily degrade botnet operations. Qurium's observation that new control domains were registered within days of that disruption, and that the Popa infrastructure was largely reconstituted, demonstrates the limits of domain-seizure as a long-term strategy against a well-resourced operator. The botnet's relay architecture, with hundreds of nodes and millions of clients, is designed to survive partial takedowns.
More durable interventions would need to operate at different layers. Platform-level policies, such as those already adopted by Amazon and Roku prohibiting proxy SDKs in app stores, represent one vector. Regulatory pressure on residential proxy providers to implement meaningful access controls, rather than relying on contractual terms that are unenforceable downstream, represents another. Neither is straightforward. The app store approach depends on enforcement quality and is easily circumvented by sideloading, which is trivially easy on the Android TV devices that form Popa's core. Regulatory approaches face jurisdictional complexity when the proxy provider is listed on a US exchange but operates from Israel, while the device manufacturers are largely Chinese, and the end users are globally distributed.
What the Popa case makes clear is that the residential proxy industry, as currently structured, externalises its costs onto device owners who have not meaningfully consented to participation, onto organisations whose services are disrupted by scraping traffic, and onto the broader internet infrastructure that absorbs the load. The fact that a publicly traded company sits at the centre of this network does not resolve those externalities; it simply makes the accountability chain more legible than it usually is.