
Google shuts down massive IPIDEA proxy network with court order

by Kerem Gülen
February 2, 2026
in Cybersecurity, News

Google’s Threat Analysis Group identified unusual high-volume outbound traffic from millions of internet-connected devices worldwide, revealing a massive distributed relay system operated by Chinese company IPIDEA. The company embedded software development kits into apps, turning devices into proxy exit nodes. Google obtained a federal court order to shut down the network’s domains and infrastructure.

The Threat Analysis Group first detected traffic patterns across millions of private phones, computers, and smart home devices that forwarded data for third parties. These patterns deviated from standard malware signatures, pointing instead to coordinated relay operations. Google determined IPIDEA orchestrated the system, which functioned as the largest residential proxy network disrupted to date.

IPIDEA integrated its software development kits into over 600 different apps and desktop programs. These included free games, utility tools, and productivity applications that users downloaded routinely. Once installed, the kits enabled devices to serve as exit nodes, relaying internet traffic from other sources. In this setup, data requests passed through the infected devices, concealing the original sender’s identity.

Residential proxy networks like IPIDEA’s utilized personal IP addresses from everyday devices for high-volume data flows. Legitimate proxies aid privacy tools and enterprise testing, but this operation exploited unsuspecting users’ hardware without their knowledge. Google recorded the network’s peak at more than 9 million Android phones globally.

The SDKs avoided traditional malware tactics by leveraging permissions embedded in Android’s architecture. Device owners granted these permissions during app installations, allowing outbound connections without triggering typical security alerts. Researchers spotted the activity through the volume of traffic originating from residential IP addresses, which stood out against normal usage.

In 2025, external attackers identified a vulnerability in IPIDEA’s infrastructure. They seized control, repurposing millions of compromised devices into a botnet named Kimwolf. This botnet directed distributed denial-of-service attacks against various targets, amplifying the network’s risks beyond its original proxy role.

IPIDEA confirmed that criminal actors had misused its platform. Despite this acknowledgment, the company refused to follow Google’s court order demanding the dismantling of its services. The order targeted the backend systems coordinating traffic across continents.

Google executed a coordinated shutdown of the web domains and supporting infrastructure. This action severed the connections linking the proxy nodes, halting operations that had persisted for years undetected by most users.

Google Play Protect, the security scanner integrated into Google Play, now detects and blocks IPIDEA SDK libraries. This protection applies to apps downloaded from the official store. Devices with apps from third-party sources lack this safeguard, leaving them exposed to similar SDK-based proxy functions.

The incident exposed difficulties in mobile security detection. Proxy SDKs produce data flows that resemble those of analytics trackers and ad networks, since all of them involve communication between a developer's app and a third party. Distinguishing unauthorized proxying from standard operations requires analyzing subtle traffic anomalies rather than overt malicious code.
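
As an added illustration of the traffic-anomaly analysis described above (not code from the article or from Google), the sketch below flags devices whose flows look like relaying: many distinct peers combined with nearly equal upload and download volume, whereas ordinary browsing and analytics or ad SDK traffic is download-heavy or small. The heuristic, the thresholds, the record layout and all host and device names are assumptions made for this example.

```python
from collections import defaultdict

# Constructed flow records: (device, peer, bytes_sent, bytes_received).
# Not real telemetry; names under .example are placeholders.
FLOWS = (
    # Relay-like device: everything fetched from six sites is re-uploaded to one gateway.
    [("phone-a", "gw.example", 4_800_000, 300_000)]
    + [("phone-a", f"site{i}.example", 50_000, 800_000) for i in range(6)]
    # App with analytics/ad SDKs plus video streaming: few peers, download-heavy.
    + [("phone-b", "analytics.example", 40_000, 5_000),
       ("phone-b", "ads.example", 20_000, 900_000),
       ("phone-b", "cdn.example", 100_000, 9_000_000)]
    # Ordinary browsing: many peers, but still download-heavy.
    + [("laptop-c", f"web{i}.example", 30_000, 1_000_000) for i in range(8)]
)


def summarize(flows):
    """Return {device: (distinct_peer_count, upload/download byte ratio)}."""
    sent, recv, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for device, peer, up, down in flows:
        sent[device] += up
        recv[device] += down
        peers[device].add(peer)
    # max(..., 1) avoids division by zero for devices that received nothing.
    return {d: (len(peers[d]), sent[d] / max(recv[d], 1)) for d in peers}


def flag_relays(flows, min_peers=5, ratio_band=(0.8, 1.25)):
    """Flag devices with high peer fan-out AND near-symmetric byte volume.

    Both thresholds are illustrative assumptions, not published values;
    a real deployment would baseline them per network segment.
    """
    lo, hi = ratio_band
    return sorted(
        device
        for device, (n_peers, ratio) in summarize(flows).items()
        if n_peers >= min_peers and lo <= ratio <= hi
    )


if __name__ == "__main__":
    for device, (n_peers, ratio) in sorted(summarize(FLOWS).items()):
        print(f"{device}: peers={n_peers} up/down={ratio:.2f}")
    print("relay candidates:", flag_relays(FLOWS))
```

Neither signal is sufficient alone: the browsing laptop has more peers than the relay-like phone, and only the byte symmetry separates them.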

Users face risks from downloading free or cracked applications from unverified sources. Such apps often contain hidden SDKs that enroll devices in proxy networks. Android’s defenses target classic malware profiles, permitting SDK exploitation to evade scans.

