US EditionPublished • loading... • Updated
Google Dismantles Massive Chinese Cyber Network Linked to Malware
Google's operation removed domains and apps linked to IPIDEA, cutting its device pool by millions and disrupting criminal use of hijacked residential proxies worldwide.
- On Jan 28, Google Threat Intelligence Group seized domains and used Google Play Protect, with Google saying, `'We believe our actions have caused significant degradation of IPIDEA's proxy network and business operations, reducing the available pool of devices for the proxy operators by millions.'`
- IPIDEA operated at least 13 residential proxy brands and enrolled devices via proxy SDKs embedded in apps, sometimes paid for by app developers, while GTIG observed over 550 threat groups using IPIDEA exit nodes in a seven‑day period in January 2026.
- Google found over 600 Android applications and 3,075 unique Windows files linked to the network, working with Spur, Lumen's Black Lotus Labs, and Cloudflare to map and disrupt IPIDEA's domain resolution.
- Google said the removals protect millions of consumer devices, aiming to stop exploitation by cybercriminals and disrupting a global marketplace selling access to hijacked consumer devices.
- GTIG says the move should cripple affiliated operators and resellers, as more than 550 threat groups used IPIDEA and its botnets threaten cybercriminal anonymity.
Insights by Ground AI
34 Articles
34 Articles
Google Moves to Dismantle Chinese Cyber Proxy Network|Daily News Digest|2026-01-29|web only
Jan 29, 2026 -- Today’s top stories: Google Moves to Dismantle Chinese Cyber Proxy Network, ASML to Cut 1,700 Jobs Despite AI-Driven Order Surge, and Philippines Invests Heavily to Future-Proof Outsourcing Workforce.
Coverage Details
Total News Sources34
Leaning Left1Leaning Right0Center5Last UpdatedBias Distribution83% Center
Bias Distribution
- 83% of the sources are Center
83% Center
L 17%
C 83%
Factuality
To view factuality data please Upgrade to Premium
