Disrupting the largest residential proxy network
8 days ago
- #threat-intelligence
- #cybersecurity
- #proxy-networks
- Google and partners disrupted the IPIDEA proxy network, one of the largest residential proxy networks globally.
- Actions included legal domain takedowns, sharing intelligence on malicious SDKs, and protecting Android users via Google Play Protect.
- Residential proxies enable bad actors to mask malicious activities by routing traffic through consumer devices, posing risks to users and network security.
- IPIDEA's network was linked to multiple botnets and used by over 550 threat groups, including state-sponsored actors.
- Proxy networks often deceive users by embedding SDKs in apps or offering 'monetization' schemes without clear consent.
- Google identified and took down related proxy/VPN brands and SDKs controlled by IPIDEA actors.
- A two-tier C2 infrastructure was used to manage the proxy nodes, with C2 infrastructure overlapping across the different SDKs.
- Consumers are urged to avoid apps promising payment for 'unused bandwidth' and to use official app stores.
- Industry collaboration and policy reforms are needed to address the risks of residential proxy networks.