Google shuts down massive proxy network used for cybercrime: Here is how you can safe your phone

In one of its biggest cybersecurity crackdowns yet, Google has taken down IPIDEA, a sprawling proxy network accused of hijacking millions of computers and smartphones worldwide.

Google says the network was being used by cybercriminals to secretly route their activity through unsuspecting users’ devices, creating “invisible tunnels” that masked their true identity online.

The tech giant has seized multiple domains, removed IPIDEA’s online storefront, and initiated legal action to prevent the group from resurfacing or continuing to sell access to its compromised network.

According to Google, the operation effectively disrupted one of the largest known residential proxy infrastructures on the internet, a system that allowed bad actors to “hide in plain sight.”

More from Tech

Union Budget 2026: FM announces India semiconductor mission 2.0, experts applaud move Union Budget 2026: FM announces rare earth corridor in 4 states

A hidden web of hijacked devices

Proxy networks like IPIDEA act as intermediaries between users and the internet, routing traffic through third-party devices. While this can serve legitimate purposes such as improving connectivity or bypassing regional restrictions, such networks are often exploited by criminals to conceal their location and identity.

Google’s investigation revealed that IPIDEA’s vast proxy network hijacked ordinary people’s home internet connections without their knowledge. Once compromised, these connections were rented out to other users, many of whom were carrying out illicit activities such as phishing, ad fraud, or espionage, making it appear as if the traffic was coming from legitimate consumer devices rather than from hackers.

“Residential proxy networks have become a pervasive tool for everything from high-end espionage to massive criminal schemes,” said John Hultquist, Chief Analyst at Google’s Threat Intelligence Group. “By routing traffic through a person’s home internet connection, attackers can hide in plain sight.”

Quick Reads

View All

Union Budget 2026: FM announces India semiconductor mission 2.0, experts applaud move

Union Budget 2026: FM announces rare earth corridor in 4 states

He added that Google’s action “pulled the rug out from under a global marketplace that was selling access to millions of hijacked consumer devices.”

By dismantling IPIDEA’s operational backbone, Google says it has neutralised a key infrastructure that facilitated countless cybercrimes, ranging from financial fraud to data theft.

Google strengthens Android defences

To prevent future exploitation, Google is expanding its Play Protect system to identify and remove apps containing IPIDEA-related code. The enhanced protection will automatically warn Android users if a suspicious app is detected, block its installation, or delete it from the device entirely.

The company has also shared details of its findings with other technology firms and cybersecurity organisations, urging collective vigilance to ensure that the IPIDEA network, or similar versions of it, does not resurface.

Google’s broader message, however, is aimed directly at users. The company has advised people never to share their internet access with untrusted applications or programmes, as this could allow attackers to misuse their connection for criminal activity. Users are also encouraged to keep Play Protect enabled and regularly install security updates to stay protected from emerging threats.

As part of its ongoing commitment to online safety, Google releases monthly Android security patches that address known vulnerabilities and block newly detected malware. The company’s cybersecurity teams say these updates play a critical role in preventing device takeovers and ensuring that malicious code is removed before it can spread.

How to safe your phone

The IPIDEA takedown underscores how cybercriminals continue to evolve their methods, often exploiting legitimate technologies to create shadow networks for illicit use. While Google’s disruption has dealt a major blow to one such operation, experts warn that similar proxy-based schemes could emerge in different forms.

For now, Google’s message to users is clear: stay updated, stay cautious, and never let unknown software share your network. The war against invisible cyber threats, it seems, is far from over, but for IPIDEA, the plug has finally been pulled.