
"According to the tech giant, not only do these networks permit bad actors to conceal their malicious traffic, but they also open up users who enroll their devices to further attacks. Residential IP addresses in the U.S., Canada, and Europe were seen as the most desirable. Google pursued legal measures to seize or sinkhole domains used as command-and-control (C2) for devices enrolled in the IPIDEA proxy network, cutting off operators' ability to route traffic through compromised systems."
"The proxy software is either pre-installed on devices or may be willingly installed by users, lured by the promise of monetizing their available internet bandwidth. Once devices are registered in the residential proxy network, operators sell access to it to their customers. Numerous proxy and VPN brands, marketed as separate businesses, were controlled by the same actors behind IPIDEA. The proxy network also promoted several SDKs as app monetization tools, quietly turning user devices into proxy exit nodes without their knowledge or consent once embedded."
Google seized and sinkholed domains used as command-and-control for IPIDEA, disrupting a large residential proxy network made up of enrolled user devices. The disruption reduced IPIDEA's available device pool by millions and cut operators' ability to route malicious traffic. The proxy software was either pre-installed or installed by users attracted to monetization offers, and numerous proxy and VPN brands tied to the same operators sold access to the network. The network promoted SDKs that turned user devices into proxy exit nodes without consent. IPIDEA has been linked to large-scale brute-force attacks against VPN and SSH services since early 2024.
Read at The Hacker News