Google Threat Intelligence Group (GTIG) has spearheaded a major operation to disrupt IPIDEA, one of the world's largest residential proxy networks. The disruption involved legal action against control domains, sharing intelligence on malicious SDKs, and deploying automated protections through Google Play Protect. IPIDEA’s infrastructure allowed threat actors to route traffic through hijacked consumer devices, masking activities for over 550 threat groups involved in espionage and cybercrime globally.
The network relied on a two-tier command-and-control system and Software Development Kits (SDKs)—such as PacketSDK and EarnSDK—surreptitiously embedded in otherwise benign applications. These SDKs converted user devices into proxy exit nodes, not only facilitating malicious traffic but also exposing consumers' private networks to potential compromise. This action highlights the growing "gray market" of residential proxies and the critical need for industry-wide collaboration to protect end-users from bandwidth hijacking.