At the heart of the NetNut residential proxy service was the Popa botnet, an engineered stealth communications layer. By embedding deceptive software development kits into inexpensive, off-brand Android-based smart TVs, streaming media boxes and unofficial apps like the SmartTube client, NetNut hijacked ordinary home electronics.
When consumers plugged in these devices, their home internet connections were quietly rented out as residential proxy exit nodes. This allowed malicious traffic to route through legitimate domestic IP addresses, effectively bypassing standard data center blocks and security filters.
AFAIK the only thing illegal about this is they didn’t bother with TOS agreements.



That is indeed the repo.
This thread implies that only untrusted sources might have been compromised:
https://old.reddit.com/r/ShieldAndroidTV/comments/1p7xvmt/psa_smarttube_was_removed_by_google_for_a_good/
Hope so. SmartTube is great.
It is an old, 7 months old thread about a different situation. I linked the repo so you would read beginning of README.
Ah gotcha, thanks! This is a bigger mess than I realized