Google Disrupts Network That Allowed Bad Actors to Use Consumers’ IP Addresses

Google has disrupted a network that sold the ability to route internet traffic through consumer devices all over the world to bad actors who could then use this ability to mask their illicit activities.

    By hijacking IP addresses owned by internet service providers and used to provide service to residential or small business customers, the network made it more difficult for network defenders to detect and block these malicious activities, Google Threat Intelligence Group (GTIG) said in a Wednesday (Jan. 28) blog post.

    Google disrupted the IPIDEA proxy network by taking legal action to take down domains used by the network; sharing technical intelligence about IPIDEA’s software development kits (SDKs) and proxy software with platform providers, law enforcement and research firms; and ensuring Android’s built-in security protection, Google Play Protect, warns users and removes apps that are known to incorporate IPIDEA’s SDKs, according to the post.

    “We believe our actions have caused significant degradation of IPIDEA’s proxy network and business operations, reducing the available pool of devices for the proxy operators by millions,” GTIG said in the post. “Because proxy operators share pools of devices using reseller agreements, we believe these actions may have downstream impact across affiliated entities.”

    GTIG said in the post that while it believes it has disrupted IPIDEA, which was one of the biggest threats in this area, the residential proxy provider industry is growing rapidly.

    The group suggested that the threat posed by this industry can be countered by making consumers aware of the risk of apps that offer payment in exchange for “unused bandwidth” or “sharing your internet,” encouraging consumers to stick to official app stores, requiring residential proxy providers to show auditable proof of user consent, encouraging app developers to vet the monetization SDKs they integrate, and encouraging tech platforms to continue sharing intelligence and implementing best practices to identify and combat illicit proxy networks.

    In an earlier development in the cybersecurity arms race, PYMNTS reported in April that U.S. agencies and foreign peer organizations warned that many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.”

    Fast flux works by rapidly changing Domain Name System (DNS) records, allowing attackers to obscure the locations of their malicious servers and build resilient command-and-control infrastructures.