Google targets IPIDEA in crackdown on global residential proxy networks
Summary: Google and its partners disrupted IPIDEA, one of the largest residential proxy networks in the world, through legal action, intelligence sharing and ecosystem-wide enforcement. The network used millions of user devices as exit nodes and was widely abused for cybercrime, espionage and botnet activity. Google Play Protect has removed, and now blocks, apps that carry the IPIDEA SDK, and Google urges consumers to avoid uncertified bandwidth-sharing apps.

2026-01-29 15:16:08 Author: securityaffairs.com


Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps.

Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing on malicious SDKs, and ecosystem-wide enforcement. Google Play Protect now removes and blocks apps with IPIDEA SDKs. The actions significantly degraded the network, cutting millions of devices and potentially impacting affiliated proxy operators through shared device pools.

“This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors.” reads the announcement.

Residential proxy networks route traffic through real ISP-assigned residential IPs, letting attackers blend malicious activity into ordinary consumer traffic and evade IP-reputation controls. They require millions of consumer devices enrolled as exit nodes, often via trojanized apps or deceptive “bandwidth monetization” offers. Google’s Threat Intelligence Group (GTIG) found these networks, including IPIDEA, are heavily abused by cybercrime, espionage, and botnets such as BadBox 2.0, Aisuru, and Kimwolf. In one week of January 2026, over 550 tracked threat groups used IPIDEA exit nodes. These proxies also endanger the enrolled users: their devices and home networks carry unauthorized third-party traffic, are exposed to compromise, and inherit the reputational consequences when that traffic is abusive.

“We believe our actions have caused significant degradation of IPIDEA’s proxy network and business operations, reducing the available pool of devices for the proxy operators by millions.” continues the report. “Because proxy operators share pools of devices using reseller agreements, we believe these actions may have downstream impact across affiliated entities.”

The researchers discovered that many “independent” residential proxy and VPN brands are actually controlled by the same actors behind IPIDEA, including services like 360 Proxy, Luna Proxy, PIA S5, and Radish VPN. The group also operates multiple proxy SDKs (Castar, Earn, Hex, Packet) embedded into apps to monetize downloads and covertly turn user devices into proxy exit nodes. These SDKs, offered across Android, Windows, iOS, and WebOS, are key to scaling the network. Claims of ethical IP sourcing are often misleading, as many apps fail to disclose proxy enrollment, exposing users to abuse and risk.

Multiple IPIDEA-linked SDKs (EarnSDK, PacketSDK, CastarSDK, HexSDK) share code and a common two-tier command-and-control infrastructure. In Tier One, enrolled devices contact registration domains to send diagnostics and receive the details of Tier Two nodes. In Tier Two, devices poll servers addressed directly by IP (rather than by domain) for proxy tasks and then relay traffic to the target destinations. Despite different brands and domains, all SDKs draw on a shared global pool of about 7,400 Tier Two servers, indicating a single backend. Devices are enrolled via trojanized VPNs, Windows binaries, and hundreds of Android apps, often without any disclosure to the user.
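The two-tier pattern described above is something a network defender can hunt for in egress logs: a device first talks to a registration domain, then begins polling several bare-IP servers on a regular cadence. The following Python is an added example written for this page, not code from Google or from the report. It works over constructed log lines (timestamp, source IP, destination, port, bytes out), uses hypothetical placeholder domains and RFC 5737 documentation addresses in place of the real indicators, and shows the pivot the article's shared-pool observation makes possible: Tier Two addresses learned from one confirmed device are used to find other enrolled devices whose Tier One check-in fell outside the log window.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Hypothetical Tier One registration domains; stand-ins for the report's IOCs, not real indicators.
TIER_ONE_DOMAINS = {"sdk-reg.example.invalid", "api-stat.example.invalid"}
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed egress log: "<ts> <src_ip> <dst domain-or-ip> <dst_port> <bytes_out>".
# 10.0.0.21 shows the full pattern; 10.0.0.33 is ordinary browsing;
# 10.0.0.40 only polls a Tier Two address (its Tier One check-in predates the log).
SAMPLE_LOG = """\
2026-01-20T10:00:01Z 10.0.0.21 sdk-reg.example.invalid 443 512
2026-01-20T10:00:05Z 10.0.0.21 198.51.100.7 8080 120
2026-01-20T10:00:35Z 10.0.0.21 198.51.100.7 8080 118
2026-01-20T10:01:05Z 10.0.0.21 198.51.100.9 8080 121
2026-01-20T10:01:35Z 10.0.0.21 198.51.100.12 8080 119
2026-01-20T10:02:05Z 10.0.0.21 198.51.100.7 8080 120
2026-01-20T10:00:02Z 10.0.0.33 www.example.com 443 2048
2026-01-20T10:00:40Z 10.0.0.33 192.0.2.15 443 3000
2026-01-20T10:05:00Z 10.0.0.40 198.51.100.7 8080 120
"""


def parse_log(text):
    """Parse log lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, nbytes = parts
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes),
        })
    return records


def is_regular(timestamps, max_cv=0.25):
    """True when gaps between consecutive events are near-constant (polling, not browsing)."""
    if len(timestamps) < 3:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv


def find_enrolled_devices(records, min_tier2_ips=2):
    """Return {src_ip: finding} for devices that look enrolled as proxy exit nodes.

    Pass 1 flags devices that contact a Tier One domain and then poll two or more
    bare-IP servers at a steady interval. Pass 2 pivots on the Tier Two addresses
    learned in pass 1: any other device touching them is flagged via the shared pool.
    """
    by_src = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_src[rec["src"]].append(rec)

    findings, learned_tier2 = {}, set()
    for src, recs in by_src.items():
        tier1 = [r for r in recs if r["dst"] in TIER_ONE_DOMAINS]
        if not tier1:
            continue
        first_checkin = tier1[0]["ts"]
        polls = [r for r in recs if r["ts"] > first_checkin and IPV4_RE.match(r["dst"])]
        tier2_ips = {r["dst"] for r in polls}
        if len(tier2_ips) >= min_tier2_ips and is_regular([r["ts"] for r in polls]):
            findings[src] = {"tier1": sorted({r["dst"] for r in tier1}),
                             "tier2": sorted(tier2_ips), "reason": "tier1-then-poll"}
            learned_tier2 |= tier2_ips

    for src, recs in by_src.items():
        if src in findings:
            continue
        hits = sorted({r["dst"] for r in recs if r["dst"] in learned_tier2})
        if hits:
            findings[src] = {"tier1": [], "tier2": hits, "reason": "shared-tier2-pool"}
    return findings


if __name__ == "__main__":
    for src, finding in find_enrolled_devices(parse_log(SAMPLE_LOG)).items():
        print(src, finding["reason"], finding["tier2"])
```

The cadence check matters more than the destination list: Tier Two addresses rotate, but the polling rhythm of a task-fetch loop is what separates an SDK from a user browsing a site hosted on a bare IP. In production the placeholder domains would be replaced with the IOCs published in the report, and behind a NAT the "device" a finding names is the shared egress address, so the next step is correlating with DHCP or EDR data to reach the actual handset.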

Google dismantled much of IPIDEA’s infrastructure by taking down C2 and marketing domains, enforcing Play Protect to remove apps with IPIDEA SDKs, and blocking future installs.

The IT giant coordinated with partners like Cloudflare, Spur, and Black Lotus Labs to disrupt operations and share intelligence. The company warns residential proxies are a growing gray market enabling cybercrime and espionage, urges consumers to avoid “bandwidth sharing” apps and uncertified devices, and calls for stronger transparency, accountability, and industry-wide collaboration to curb abuse.

“We encourage mobile platforms, ISPs, and other tech platforms to continue sharing intelligence and implementing best practices to identify illicit proxy networks and limit their harms.” concludes the report that also includes Indicators of Compromise (IOCs).


Pierluigi Paganini

(SecurityAffairs – hacking, IPIDEA)




Source: https://securityaffairs.com/187463/security/google-targets-ipidea-in-crackdown-on-global-residential-proxy-networks.html