'We believe our actions have seriously impacted one of the largest residential proxy providers': Google takes the fight to IPIDEA and removes millions of devices from criminal network
Date:
Thu, 29 Jan 2026 14:05:00 +0000
Description:
One of the largest residential proxy services takes a hit after Google gets involved.
FULL STORY
Google has declared it struck one of the largest residential proxy networks around today, disrupting hundreds of cybercriminal groups and possibly thousands of hacking operations.
On its blog, Google's Threat Intelligence Group (GTIG) said it disrupted IPIDEA, a well-known residential proxy service that counts millions of Android, Windows, and other devices.
GTIG says IPIDEA relied on software development kits (SDKs), which were advertised to software developers as a way to monetize their apps. However, apps that included these SDKs actually assimilated the devices into the proxy network without the users' knowledge or consent. Usually, residential proxy networks comprise routers, modems, DVRs, smart home devices, and different sensors. In some cases, cheap Android TVs and set-top boxes came with the malware preinstalled, also suggesting a sophisticated supply chain compromise.
Disrupting hundreds of threat actors
To disrupt IPIDEA, Google took legal action to seize domains used for command-and-control and marketing, shared technical intelligence with industry partners and law enforcement, and updated Google Play Protect to automatically remove apps containing IPIDEA SDKs.
Google says these actions reduced the available proxy device pool by millions and degraded the network's ability to operate, though it warns the residential proxy market remains a fast-growing gray market that continues to enable large-scale cybercrime.
"We believe our actions have caused significant degradation of IPIDEA's proxy network and business operations, reducing the available pool of devices for the proxy operators by millions," Google said.
"Because proxy operators share pools of devices using reseller agreements, we believe these actions may have downstream impact across affiliated entities."
Google linked IPIDEA to multiple well-known proxy and VPN brands, showing they all shared the same backend infrastructure. Some of the names it mentioned include ABC Proxy, Galleon VPN, PIA S5 Proxy, Radish VPN, and Tab Proxy.
The researchers also said that in a single week, more than 550 known and tracked threat actor groups used IPIDEA, including groups with links to China, Russia, Iran, and North Korea. The proxies were allegedly used for espionage, credential attacks, botnet control, and access to compromised cloud and enterprise environments.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/we-believe-our-actions-have-seriously-impacted-one-of-the-largest-residential-proxy-providers-google-takes-the-fight-to-ipidea-and-removes-millions-of-devices-from-criminal-network
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/105)