Google dismantled the global IPIDEA residential proxy network, which had covertly enrolled millions of consumer devices as proxy exit nodes, by seizing domains and coordinating with platform providers and law enforcement to disrupt the infrastructure. The network enabled large-scale espionage and cybercrime through SDKs embedded in otherwise benign apps and a two-tier command-and-control system tied to botnets such as BadBox2.0. #IPIDEA #BadBox2.0
Key points
- Google seized domains and worked with platform providers and law enforcement to dismantle the IPIDEA proxy network.
- IPIDEA covertly converted millions of consumer devices into residential proxy exit nodes via monetization SDKs embedded in benign apps.
- The network powered multiple botnets including BadBox2.0, Aisuru, and Kimwolf and was used by over 550 tracked threat groups in a single week.
- The infrastructure used a two-tier C2 model: roughly 7,400 Tier Two servers, with thousands of infected binaries contacting Tier One domains.
- Google enabled Play Protect removals, shared technical intelligence across the ecosystem, and called for proxy accountability and policy reform while urging consumer caution.
Read More: https://thecyberexpress.com/google-dismantles-massive-proxy-network/