#Google, #IPIDEA and #android.

A clever proxy used regular Android permissions rather than hardware.

Quit with the sketchy apps already, folks.

#infosec #privacy

https://www.techspot.com/news/111143-google-dismantles-massive-proxy-network-turned-9-million.html

Google dismantles massive proxy network that turned 9 million Android phones into data relays

The discovery triggered what Google is calling the largest residential proxy network takedown in history. Armed with a federal court order, the company pulled the plug on...

TechSpot

Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog

Link: Threat Intelligence: No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
https://security.googleblog.com/2026/01/no-place-like-home-network-disrupting.html

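📌 Summary:
This article, by Google Threat Intelligence Group (GTIG) in cooperation with multiple parties, exposes and takes action against IPIDEA, one of the world's largest residential proxy networks. The network maliciously embeds software development kits (SDKs) in applications across multiple platforms, secretly enrolling users' devices into its proxy service so that bad actors can control them and disguise their malicious activity, which spans espionage, cyberattacks and various kinds of cybercrime. Residential proxy networks use real residential IP addresses as traffic exit points, which greatly increases the complexity of security defense. GTIG took legal action to shut down multiple malicious domains used for control and marketing, and notified Google Play Protect to automatically block the related applications, causing the IPIDEA network to lose a large number of devices and severely weakening its business operations. The article also points out that the residential proxy market has a regulatory vacuum, and calls on the industry and consumers to raise their vigilance and jointly defend against this emerging threat.

🎯 Key Points:
→ Residential proxy definition and risk: Residential proxies use IPs that internet service providers assign to homes or small businesses; malware and similar means turn large numbers of devices into proxy nodes, and because the traffic sources look natural and are dispersed, this facilitates abuse that is hard to trace and block.
→ IPIDEA network architecture: Controlled by multiple proxy brands and VPN applications; multiple SDKs (including Castar, Earn, Hex and Packet SDK) are embedded in applications, causing devices to connect automatically to two tiers of control servers. The first tier delivers the proxy server list, the second tier receives proxy tasks. About 7,400 proxy nodes operate on demand.
→ Malicious apps and scope of impact: More than 600 Android programs and thousands of malicious Windows files were found to contain IPIDEA proxy functionality; some masquerade as normal applications or system updates, tricking users into unknowingly joining the proxy gateway, and even causing home network security vulnerabilities and identity misattribution.
→ GTIG mitigation measures and cooperation: Legal action to shut down proxy control domains, Google Play Protect proactively blocking apps that carry the IPIDEA SDK, cooperation with Cloudflare and other providers to disrupt domain resolution, and sharing threat intelligence with research teams to broaden the impact.
→ Consumer and industry recommendations: Users are reminded not to trust "share your network bandwidth for money" apps, to buy Play Protect certified devices, and to be cautious with third-party VPNs or proxies. Industry should strengthen its vetting of SDK sources and applications, and at the policy level transparency and user consent mechanisms must be established.

🔖 Keywords:
#residential_proxy #IPIDEA #software_development_kit_SDK #Google_Threat_Intelligence #Cybersecurity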

Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog

IPIDEA’s proxy infrastructure is a component of the digital ecosystem leveraged by a wide array of bad actors.

Google Cloud Blog
Dismantling of the IPIDEA #network: your Android #smartphone may have been serving as a relay for hackers. You thought your #phone slept at night? Wrong. Google has just turned out the lights on #IPIDEA, a complex machine that turned millions of innocent #Android devices into digital zombies sold to the highest bidder.
https://www.clubic.com/actualite-598453-demantelement-du-reseau-ipidea-votre-smartphone-android-servait-peut-etre-de-relais-aux-pirates.html
Dismantling of the IPIDEA network: your Android smartphone may have been serving as a relay for hackers

You thought your phone slept at night? Wrong. Google has just turned out the lights on IPIDEA, a complex machine that turned millions of innocent Android devices into digital zombies sold to the highest bidder.

clubic.com
📢 Google disrupts the IPIDEA residential proxy network through legal and technical actions
📝 Source: Google Threat Intelligence Group (GTIG), January 28, 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-01-29-google-perturbe-le-reseau-de-proxies-residentiels-ipidea-via-actions-legales-et-techniques/
🌐 source: https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
#IOC #IPIDEA #Cyberveille
Google disrupts the IPIDEA residential proxy network through legal and technical actions

Source: Google Threat Intelligence Group (GTIG), January 28, 2026. GTIG details a joint operation aimed at disrupting what it describes as one of the largest residential proxy networks in the world, IPIDEA, used at scale by malicious actors. GTIG describes three main lines of action: taking legal action to take down command-and-control (C2) and marketing domains; sharing technical intelligence (SDKs and proxy software) with platforms, law enforcement and research partners; and strengthening Android protections via Google Play Protect to detect, warn about and remove applications that embed the IPIDEA SDKs. GTIG estimates that these actions have "reduced by millions" the number of devices available to the network, with potential cascading impacts on affiliated entities.

CyberVeille
Google pulls millions of devices out of the IPIDEA residential proxy network

Google has dealt the IPIDEA residential proxy network a severe blow. It is used by criminals, among others.

heise online
Google disrupts IPIDEA residential proxy networks fueled by malware

IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners.

BleepingComputer

Residential proxies are a curse. Criminals use them as a botnet for DDoS attacks. AI companies pay them to scrape the web for training data in a way that's nigh impossible to block or throttle.

Ipidea operated one of the largest residential proxy networks. Researchers found that Ipidea sold VPN services with "no clear disclosure about turning users' PCs into proxy nodes".

https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network

via https://en.wikipedia.org/wiki/Ipidea

Lobsters: https://lobste.rs/s/js7tql/google_disrupts_large_residential_proxy

#residentialproxy #netsec #IPIDEA


"Google has aimed a knockout blow at a massive cyber weapon that researchers say is running silently on millions of devices in the homes of consumers.

On Wednesday, Google used a federal court order to get dozens of domains belonging to Ipidea removed from the internet, said Google, a unit of Alphabet. Google and security researchers say the mysterious Chinese company is an unsavory enterprise that sneaks unwanted and dangerous software on millions of phones, home computers and Android devices.

Control of the domains allowed Google to both shut down the public websites and technical back-end of the company, which operates using more than a dozen brand names. Google has also taken steps to remove hundreds of apps affiliated with the company from Android devices, it said.

The actions are expected to knock more than nine million Android devices off Ipidea’s network. They target a little known but important part of the internet that has increasingly worried cybersecurity experts.

Called “residential proxy” networks, these online services are built out of apps that are installed on virtually any type of internet-connected device—among them media players, PCs and mobile phones. Companies such as Ipidea then rent out access to the devices to paying customers who want to use the internet anonymously. The businesses operate like Airbnbs for network bandwidth, except the people whose devices are being rented out often don’t realize what is happening."

https://www.wsj.com/tech/google-aims-knockout-blow-at-chinese-company-linked-to-massive-cyber-weapon-3c3fdc40

#CyberSecurity #Google #Ipidea #Android

No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
#IPIDEA
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
Google targets IPIDEA in crackdown on global residential proxy networks

Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps.

Security Affairs