DEV Community

Mark0

Google disrupts IPIDEA residential proxy networks fueled by malware

Google's Threat Intelligence Group (GTIG) has successfully disrupted IPIDEA, a massive residential proxy network consisting of over 6.7 million compromised devices. The network was used by hundreds of threat groups from regions including China, Iran, and Russia to mask malicious activities such as credential theft, password spraying, and large-scale DDoS attacks. By routing traffic through consumer devices, attackers were able to bypass traditional network defenses.

The operation exposed that IPIDEA fueled its network through more than 600 trojanized Android apps and 3,000 Windows binaries posing as legitimate updates. Google has since updated Google Play Protect to automatically block the malicious SDKs associated with the network. While the disruption is significant, analysts warn that the unidentified operators may attempt to rebuild their infrastructure under different branding.

