Google shuts down a massive, shady network that was secretly operating on millions of Android smartphones

Google has revealed that it has taken down dozens of websites and backend systems belonging to a company called IPIDEA, which is suspected of exfiltrating device information through hundreds of apps and silently using devices to launch DDoS attacks.
Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog

Google takes down massive shady network that was secretly running on millions of Android phones - Android Authority
According to Google, IPIDEA is a Chinese company that allegedly operates a 'residential proxy network.' The attackers then installed free apps, games, and desktop software that secretly contained malicious code, connecting devices to the IPIDEA network. This allowed them to hijack internet traffic, making it appear as if the malicious actors were using the compromised device rather than their own.
In 2025, security researchers discovered vulnerabilities in millions of devices connected to IPIDEA's network. They reported that they had compromised at least two million systems, created a massive botnet called 'Kimwolf,' and used it to take down websites with massive DDoS attacks. The researchers called this the 'most powerful botnet ever observed.'

'Google has taken legal action to remove IPIDEA's domains, disconnecting millions of devices from the malicious network. IPIDEA controlled a network of numerous apps by distributing SDKs (software development kits). Google shared information about these SDKs with the appropriate authorities and removed hundreds of apps that contained the SDKs,' the company said.
In addition, Android's standard security feature 'Play Protect' automatically detects apps that contain IPIDEA's SDK, issues a warning, removes the app, and blocks future installations. However, because IPIDEA's SDK has been widely used, it is possible that users have already used apps that contain the SDK.
IPIDEA denied any illegal activity and maintained that its services are for legitimate business purposes. However, Google and the researchers noted that the risks to consumers and even national security were too high to ignore, and prioritized security.
in Software, Smartphone, Security, Posted by log1p_kr







