Google takes down an invisible network

Google wipes out IPIDEA botnet that hijacked millions of home routers.

What you need to know
Google says it has crippled IPIDEA, a massive residential proxy network that secretly turned millions of everyday devices into tools for cybercrime.
IPIDEA hid attacks behind real home internet connections, making malicious traffic harder to detect and block than data center-based proxies.
About nine million Android devices were freed, along with the removal of hundreds of compromised apps.
Google just dealt a major blow to one of the internet’s most shadowy infrastructures: a sprawling residential proxy network known as IPIDEA that quietly turned millions of smartphones, PCs, and connected devices into a proxy army bad actors could rent to hide and scale attacks.

Residential proxy networks aren’t really household names outside security circles. For the uninitiated, instead of sending bad traffic through data centers that defenders can block, attackers use real residential IPs — like your home internet connection — to hide where the traffic comes from. That’s what IPIDEA provided, and on a huge scale.

Google’s Threat Intelligence Group (GTIG) says IPIDEA’s infrastructure was embedded in hundreds of apps and SDKs — such as PacketSDK, EarnSDK, HexSDK, and CastarSDK — that developers used for monetization. Once installed, these SDKs could recruit a device into IPIDEA’s proxy pool without clear disclosure to the user, turning that device into an exit node for routing traffic on behalf of others.

https://www.macrumors.com/2026/02/01/carplay-ultra-to-expand-this-year/