Researchers at Spur Intelligence found residential proxy SDKs embedded in 2,058 of 6,038 smart TV applications scanned across LG webOS and Samsung Tizen, indicating that more than a third of the apps analyzed could route third-party internet traffic through users’ home connections. The apps were often presented as benign utilities or ambient entertainment, including clocks, solitaire, fish tank displays, and puppy-themed apps, while some explicitly offered users a tradeoff between ads and joining a proxy network. Spur said smart TVs are especially attractive as proxy hosts because they are typically always on, rarely monitored like PCs, and can continue proxy activity even after an app is closed.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
The published research warned that smart TVs are attractive residential proxy hosts because they are often always on, lightly monitored, and may continue proxy activity after an app is closed. It also highlighted risks from SDK implementations lacking private-range blocklists and noted that LG and Samsung reportedly lack published restrictions comparable to Amazon or Roku.
Spur Intelligence analyzed 6,038 applications across LG webOS and Samsung Tizen and found 2,058 apps containing residential proxy SDKs, representing 34.1% of the total. The research concluded that proxy infrastructure is being embedded at scale in consumer smart TV apps.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourcehelpnetsecurity.com
Open sourcespur.us
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.