{"id":273638,"date":"2026-01-31T11:44:08","date_gmt":"2026-01-31T11:44:08","guid":{"rendered":"https:\/\/www.newsbeep.com\/ie\/273638\/"},"modified":"2026-01-31T11:44:08","modified_gmt":"2026-01-31T11:44:08","slug":"google-takes-down-an-invisible-network-that-was-secretly-using-your-phones-internet","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ie\/273638\/","title":{"rendered":"Google takes down an invisible network that was secretly using your phone&#8217;s internet"},"content":{"rendered":"<p><a id=\"elk-d1d31ead-cffa-408b-bd93-acaf54252996\"\/>What you need to know: Google says it has crippled IPIDEA, a massive residential proxy network that secretly turned millions of everyday devices into tools for cybercrime. IPIDEA hid attacks behind real home internet connections, making malicious traffic harder to detect and block than data center-based proxies. About nine million Android devices were freed, along with the removal of hundreds of compromised apps.<\/p>\n<p id=\"f262398f-2be9-4a53-928f-ecc6ad6c4447\">Google just dealt a major blow to one of the internet\u2019s most shadowy infrastructures: a sprawling residential proxy network known as IPIDEA that quietly turned millions of smartphones, PCs, and connected devices into a proxy army bad actors could rent to hide and scale attacks.<\/p>\n<p>Residential <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.androidcentral.com\/what-proxy-server-and-how-does-it-work\" data-url=\"https:\/\/www.androidcentral.com\/what-proxy-server-and-how-does-it-work\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.androidcentral.com\/what-proxy-server-and-how-does-it-work\" rel=\"nofollow noopener\" target=\"_blank\">proxy networks<\/a> aren\u2019t really household names outside security circles. 
For the uninitiated, instead of sending bad traffic through data centers that defenders can block, attackers use real residential IPs \u2014 like your home internet connection \u2014 to hide where the traffic comes from. That\u2019s what IPIDEA provided, and on a huge scale.<\/p>\n<p><a id=\"elk-seasonal\" class=\"paywall\" aria-hidden=\"true\"\/><\/p>\n<p id=\"f262398f-2be9-4a53-928f-ecc6ad6c4447-2\">Google\u2019s Threat Intelligence Group (GTIG) <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.anrdoezrs.net\/links\/100048248\/type\/dlg\/sid\/ac-us-8111051958063332359\/https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/disrupting-largest-residential-proxy-network\" target=\"_blank\" data-url=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/disrupting-largest-residential-proxy-network\" referrerpolicy=\"no-referrer-when-downgrade\" rel=\"sponsored noopener nofollow\" data-hl-processed=\"hawklinks\" data-google-interstitial=\"false\" data-placeholder-url=\"https:\/\/www.anrdoezrs.net\/links\/100048248\/type\/dlg\/sid\/hawk-custom-tracking\/https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/disrupting-largest-residential-proxy-network\" data-merchant-name=\"Google Cloud - North America\" data-merchant-id=\"273538\" data-merchant-network=\"CJ\" data-merchant-url=\"cloud.google.com\" data-mrf-recirculation=\"inline-link\">says<\/a> IPIDEA\u2019s infrastructure was embedded in hundreds of apps and SDKs \u2014 such as PacketSDK, EarnSDK, HexSDK, and CastarSDK \u2014 that developers used for monetization. 
Once installed, these SDKs could recruit a device into IPIDEA\u2019s proxy pool without clear disclosure to the user, turning that device into an exit node for routing traffic on behalf of others.<\/p>\n<p><a id=\"elk-0f13e040-1e50-4574-82fb-8155973cfc31\" class=\"paywall\" aria-hidden=\"true\"\/>Fueling the world\u2019s most dangerous groups<\/p>\n<p id=\"38c815dd-4b40-45bc-aec9-6ddea11d6ebb\">The result was that everyday users unknowingly became part of a network used by more than 550 tracked threat groups in just one week this month. These included skilled cybercriminals and advanced persistent threat (APT) actors connected to China, Russia, Iran, and North Korea. The proxies supported activities like credential stuffing, espionage, DDoS attacks, and hiding command-and-control operations.<\/p>\n<p>This week, Google took decisive action. The company used legal and technical steps to take down dozens of IPIDEA-related domains that ran these networks and promoted its SDKs and proxy services. <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.androidcentral.com\/apps-software\/what-is-google-play-protect\" data-url=\"https:\/\/www.androidcentral.com\/apps-software\/what-is-google-play-protect\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.androidcentral.com\/apps-software\/what-is-google-play-protect\" rel=\"nofollow noopener\" target=\"_blank\">Google Play Protect<\/a> was updated to find and remove affected Android apps. Google also shared information with partners like Lumen\u2019s Black Lotus Labs, Cloudflare, and others to help disrupt the backend systems.<\/p>\n<p>The results are clear. Google says the number of hijacked devices available for abuse has dropped by millions. 
This includes removing about nine million <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.androidcentral.com\/best-android-phones\" data-url=\"https:\/\/www.androidcentral.com\/best-android-phones\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.androidcentral.com\/best-android-phones\" rel=\"nofollow noopener\" target=\"_blank\">Android devices<\/a> linked to the network and hundreds of related apps.<\/p>\n<p>Not every part of the network is gone, but the disruption makes it much harder for operators to expand future abuse.<\/p>\n<p><a id=\"elk-c0f7f0b1-23c9-4777-9a8e-542630728387\" class=\"paywall\" aria-hidden=\"true\"\/>Android Central&#8217;s Take<\/p>\n<p id=\"382fda04-b7db-4985-9d5e-583ce1059c34\">In my view, Google\u2019s action against the IPIDEA network is a big win for everyday users. It not only blocks a major path for hidden cyberattacks but also helps restore trust in devices that were unknowingly used in a global botnet. 
While the proxy ecosystem will keep changing, seeing a major company hold bad actors responsible gives users real protection now.<\/p>\n","protected":false},"excerpt":{"rendered":"What you need to know: Google says it has crippled IPIDEA, a massive residential proxy network that secretly turned&hellip;\n","protected":false},"author":2,"featured_media":273639,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[61,60,202,80],"class_list":{"0":"post-273638","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-ie","9":"tag-ireland","10":"tag-mobile","11":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/posts\/273638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/comments?post=273638"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/posts\/273638\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/media\/273639"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/media?parent=273638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/categories?post=273638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/tags?post=273638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}