- Google disrupts IPIDEA, a massive residential proxy network operating millions of devices
- More than 550 malicious groups have used IPIDEA for espionage, credential theft, and botnet operations.
- Lawsuits, domain seizures, and Play Protect updates have reduced the number of proxy devices by millions.
Google said it has taken action against one of the largest residential proxy networks around, disrupting hundreds of cybercriminal groups and possibly thousands of hacking operations.
On its blog, Google’s Threat Intelligence Group (GTIG) said it disrupted IPIDEA, a well-known residential proxy service with millions of Android, Windows and other devices.
GTIG claims that IPIDEA relied on software development kits (SDKs), which were presented to software developers as a way to monetize their applications. However, apps that included these SDKs actually enrolled devices in the proxy network without users' knowledge or consent. Usually, residential proxy networks include routers, modems, DVRs, smart home devices, and various sensors. In some cases, cheap Android TVs and set-top boxes came with the malware pre-installed, which also suggests a sophisticated supply chain compromise.
Disrupting hundreds of threat actors
To disrupt IPIDEA, Google filed a lawsuit to seize domains used for command and control and marketing purposes, shared technical information with industry partners and law enforcement, and updated Google Play Protect to automatically remove apps containing IPIDEA SDKs.
Google claims these actions have reduced the number of available proxy devices by millions and degraded network operating capacity, while warning that the residential proxy market remains a rapidly growing “gray market” that continues to enable large-scale cybercrime.
“We believe our actions caused significant degradation of IPIDEA’s proxy network and business operations, reducing the number of devices available to proxy operators by millions,” Google said.
“As proxy operators share device pools through reseller agreements, we believe these actions may have a downstream impact on affiliated entities.”
Google linked IPIDEA to several well-known proxy and VPN brands, showing that they all shared the same backend infrastructure. Some of the names mentioned include ABC Proxy, Galleon VPN, PIA S5 Proxy, Radish VPN, and Tab Proxy.
The researchers also said that in a single week, more than 550 known and tracked threat actor groups used IPIDEA, including groups with ties to China, Russia, Iran and North Korea. The proxies have reportedly been used for espionage, credential attacks, botnet control, and access to compromised cloud and enterprise environments.