Part One of this research paper covers the technical investigation: how the infection works, how Popanet operates and what traffic flows through subscriber homes without their knowledge or consent. Part 2 will examine how different types of malware are exploiting the presence of already-deployed proxies on these devices. All indicators of compromise are published on Plume Security Lab’s GitHub.
Subscribers buying a SuperBox believe they are paying for content. What they are also buying, without knowing it, is a permanent seat on someone else’s network.