Google and Partners Take Action
Google, working with its security partners, has shut down one of the largest known proxy networks used for cyberattacks. Last week, the Google Threat Intelligence Group (GTIG) confirmed that it disrupted IPIDEA, a long-running and covert proxy operation.
According to Google, the network secretly converted Android smartphones and Windows PCs into internet proxies. Cybercriminals then routed malicious traffic through victims’ home networks. This method helped attackers hide the real source of their activity.
GTIG Disrupts the IPIDEA Network
In a detailed blog post, Google explained how it tracked and dismantled IPIDEA. Residential proxy networks like this operate without user permission. Security experts consider them unethical.
These networks reroute traffic through compromised consumer devices. As a result, malicious activity appears to come from normal residential IP addresses instead of data centers.
How Cybercriminals Used the Network
Attackers used IPIDEA to hide several types of cybercrime. These included credential stuffing, content scraping, account takeovers, and financial fraud.
Because the traffic looked normal, security systems struggled to detect abuse. Google said IPIDEA used multiple evasion tactics. These included hidden background services and masked command-and-control channels.
Malware Spread Through Apps and Software
Google found that the operation spread through malicious Android apps and Windows proxy software. Attackers distributed these apps outside official app stores. They also used third-party platforms.
Once installed, the malware ran quietly in the background. It continuously forwarded internet traffic without alerting users.
Users Remained Unaware
In many cases, users noticed nothing unusual. The malware caused no clear battery drain and showed no abnormal data usage. This stealth behavior allowed the network to operate for long periods.
Infrastructure Taken Offline
GTIG and its partners identified the servers controlling infected devices. They then worked with infrastructure providers and domain registrars. Together, they shut down domains and servers used by the network.
These actions stopped attackers from sending commands and routing proxy traffic.
Stronger Defenses Going Forward
Google also updated its internal detection systems. These updates will help identify similar proxy networks faster in the future. The company aims to respond quickly if the same tools appear again.
Google stated, “We urge mobile platforms, ISPs, and technology companies to share intelligence and follow best practices to detect illegal proxy networks and reduce harm.”