Google Dismantles Massive Android Malware Network – 9 Million Phones at Risk

by Sophie Williams

Google has disrupted a massive, China-linked operation that hijacked millions of devices worldwide, turning them into unwitting participants in a sophisticated cybercrime network. The company secured a court order to dismantle the infrastructure behind the “Ipidea” residential proxy network and the associated “Kimwolf” botnet, which security researchers describe as one of the most powerful observed to date. This takedown highlights the increasing vulnerability of everyday smart devices – including Android phones – and the growing challenge of malicious actors leveraging them for illicit purposes, from launching DDoS attacks to masking other criminal activity. According to court filings unsealed today, Ipidea reportedly paid app developers to bundle its malicious code into legitimate applications, effectively creating a covert network of compromised devices.

Google has dismantled a massive malicious network that exploited millions of smart devices worldwide, including Android phones, turning them into unwitting proxies for suspicious online activity. The takedown underscores the growing security challenges posed by the proliferation of connected devices and the increasing sophistication of cybercriminals.

The company secured a federal court order in the United States enabling it to disable dozens of backend systems and websites belonging to a Chinese firm called Ipidea. Google describes Ipidea as operating the world’s largest residential proxy network.

These networks function by routing internet traffic through the devices of unsuspecting individuals – smartphones, computers, and smart home appliances – making malicious activity appear to originate from legitimate users. This technique obscures the true source of the traffic, complicating investigations and evading security measures, according to a report from PhoneArena.

Millions of users unknowingly became part of the network after downloading free apps and games containing hidden code linked to Ipidea. Once installed, these applications effectively turned the phones into nodes within a network, allowing attackers to leverage the user’s IP address to mask potentially illegal activities.

Google confirmed that Play Protect, the built-in Android security system, automatically began warning users about and removing these malicious applications, and blocking future installations. However, Ipidea was able to spread widely by paying developers for each download of its software packages.

Over the past year, attackers exploited this network to compromise more than two million devices, transforming them into a massive botnet known as Kimwolf. This botnet was then used to launch Distributed Denial of Service (DDoS) attacks, disrupting access to major websites.

Security researchers have described the Kimwolf network as the most powerful botnet observed to date.

According to a report in the
