back to top
15.5 C
Islamabad
Friday, February 27, 2026

Google disables the largest global network of residential proxies used to commit crimes

Google’s threat intelligence team this week carried out an international operation to dismantle the world’s largest network of residential proxies, a key infrastructure in digital criminal activities on a global scale.The objective of the action was IPIDEA, a network little known outside of technical areas but essential for hiding illegal operations behind apparently legitimate connections.

Residential proxies differ from conventional proxies because they use IP addresses assigned to homes and small businesses instead of data center servers.The responsible software is installed on everyday devices such as phones, smart TVs or routers, and allows cybercriminals to camouflage their activity under the guise of ordinary traffic.

This method makes detection and blocking by authorities and cybersecurity companies difficult, since the connections appear to come from real users.

Google disables the largest global network of residential proxies used to commit crimes
More than 600 Android applications integrated code to connect devices to the IPIDEA proxy network.(Illustrative Image Infobae)

IPIDEA maintained its network through millions of residential IP addresses, mainly in countries such as the United States, Canada and Europe, regions considered more reliable by security systems.Network operators obtained these addresses through two main methods: by deliberately installing proxy software on devices or by tricking users into downloading applications with hidden code.

There was also the variant of users who, attracted by the promise of income from sharing their bandwidth, voluntarily installed the software, without knowing its implications.

Google discovered that the façade of privacy and freedom of expression used to promote these services contrasted with reality.During a single week in January 2026, the Google team identified more than 550 threats using IPIDEA IP addresses.

Among the malicious actors detected were groups linked to China, North Korea, Iran and Russia.Illegal activities carried out using these connections ranged from unauthorized access to enterprise cloud environments to brute force attacks against password managers.

Google disables the largest global network of residential proxies used to commit crimes
Google identified that popular proxy and VPN services were part of the same IPIDEA framework.(Illustrative Image Infobae)

Google’s analysis revealed that many proxy and VPN programs, which appeared to be independent, were controlled by the same people responsible for IPIDEA.Among the names identified are 922 Proxy, Luna Proxy, Cherry Proxy and VPN services such as Galleon VPN and Radish VPN.

Additionally, these operators managed software development kits (SDKs) designed to integrate into third-party applications, offering payments to developers for each download and thus transforming users’ devices into nodes for the proxy network.

Google’s operation identified more than 600 Android applications with code intended to connect to the IPIDEA infrastructure.These applications, ranging from utilities to games and content platforms, used SDKs to increase their revenue at the expense of user security.As a result of the blockades implemented, millions of devices have become unavailable to the operators of this clandestine network, which represents a strong blow to the cybercrime ecosystem.

Google disables the largest global network of residential proxies used to commit crimes
Cybercriminals from countries such as China, Iran and Russia used the infrastructure to access systems and launch attacks.(Illustrative Image Infobae)

Users affected by these programs face various risks.By sharing your IP address, your devices can be used as a platform for illegal activities without your knowledge, exposing you to potential investigations or slowdowns of your networks.Additionally, installed software introduces additional vulnerabilities, increasing exposure to other types of cyberattacks.

Despite the success of the operation, IPIDEA still retains access to devices in different parts of the world.Google warns about the danger of installing applications that promise payments in exchange for sharing “unused bandwidth” or “shared internet.”For connected devices, such as television decoders, the recommendation is to only purchase products from recognized manufacturers and avoid downloading unverified applications.

The partial dismantling of the IPIDEA network marks a milestone in the fight against cybercrime, but also underlines the importance of prevention and digital education to prevent millions of home devices from continuing to be used in illicit activities on a global scale.

Aiman Sohail
Aiman Sohail
Dr. Aiman Sohail is a seasoned journalist and geopolitical analyst with over a decade of experience covering global affairs, politics, and current events. She earned her Bachelor’s degree in International Relations from Quaid-i-Azam University, Islamabad, followed by a Master’s in Political Science from Lahore University of Management Sciences (LUMS). Driven by a passion for understanding global dynamics, she completed her PhD in International Security Studies at The University of London, focusing on South Asian geopolitics and conflict resolution. Sara began her career as a correspondent for The Express Tribune, covering domestic politics and economic developments. She later joined Geo News as a senior reporter, specializing in geopolitical affairs, foreign policy, and conflict analysis. Over the years, her articles have been featured in major national and international publications, including Dawn, The Diplomat, and Al Jazeera English, earning her recognition for insightful analysis and in-depth reporting. In addition to journalism, Sara frequently contributes to academic forums, think tanks, and panel discussions on international relations. Her expertise lies in South Asian security, diplomatic policy, and global political trends, making her one of Pakistan’s leading voices in contemporary geopolitics.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles