
"Google's Threat Intelligence Group (GTIG) describes IPIDEA as a "little-known component of the digital ecosystem" and says that in a seven-day period in January 2026, it observed more than 550 threat groups using IPIDEA exit nodes. GTIG said that proxy network operators sometimes pay app developers to embed proxy SDKs so that any device that downloads the app is enrolled in the network."
"The Googlers said that not only do these networks allow bad actors to conceal their malicious traffic, but users who enroll their devices are opening themselves up for further attacks, as their device may be used as a launchpad to compromise their other devices. Researchers say the disruption reduced IPIDEA's available pool of devices by millions, spanning smartphones, Windows PCs, and other consumer hardware, with residential IPs in the US, Canada, and Europe seen as the most desirable."
IPIDEA operated as a residential proxy network that enrolled consumer devices via distributed proxy software and SDKs, sometimes marketed to users as a way to "monetize" spare bandwidth. More than 550 distinct threat groups used IPIDEA exit nodes during a seven-day period in January 2026. Enrolled devices not only helped conceal malicious traffic but also exposed their users to additional compromise, and in several cases were co-enrolled into large botnets such as BadBox 2.0, Aisuru, and Kimwolf. Disruption efforts reduced the pool of available devices by millions, with residential IPs in the US, Canada, and Europe the most sought after. Residential proxies remain legal but are frequently abused.
Read at The Register