Google Cracks Down on IPIDEA: Major Blow to Global Proxy-Based Cyberattacks

Proxy-based cyberattacks have been a major problem for years due to their serious impact. Although it seems simple, this attack works because it uses a legitimate IP address. Proxy-based attacks often use residential proxies to avoid detection. MojoAuth.com’s analysis of “4.2 billion authentication attack attempts blocked across our platform in 2025” reveals “89% of attacks use residential proxy networks”.

This is why Google's latest announcement of “disrupting” a well-known, large-scale proxy network is welcome news to online security. Google Threat Intelligence Group recently announced the disruption of the IPIDEA proxy network.

Although IPIDEA is not a familiar name for everyone, it’s one of the largest proxy networks in the world with far-reaching implications.

Massive Proxy Network Reseller

IPIDEA’s role in proxy attacks is relatively simple but highly effective. The company sells residential proxy networks to cybercriminals, which are used to hide their identities and avoid detection.

The company works on many fronts to increase its number of residential proxy servers by the millions. Among them is embedding their SDKs (Software Development Kits) into various types of apps that would work on devices. A game, a free VPN, and other tools could come with one of their SDKs. Once these are installed on a device, their IP address could be resold to cybercriminals.

This is why it is important to be wary of free applications, games, and apps. Some apps contain malicious code that uses a device’s IP address for harmful purposes without the user knowing.

THE Impact of Disruption

Google’s disruption of IPIDEA is significant because it wasn’t just a simple discovery.  Google also “shared technical intelligence on discovered IPIDEA software development kits (SDKs) and proxy software with platform providers, law enforcement, and research firms to help drive ecosystem-wide awareness and enforcement”. Because of this discovery, IPIDEA can no longer hide its operations, as its SDKs and tools have been identified.

Some of these SDKs could be embedded in Google apps, and the company has removed these applications to prevent them from infecting more devices. They have also used legal action to shut down Command and Control domains that exploit compromised devices.

Financial Impact of Proxy Attacks

While there is no exact number on the financial losses caused by proxy attacks, an estimate of their impact can be established. Account Takeover (ATO) often relies on proxy attacks because they are useful in stealing personal information. According to AuthX, identity fraud losses were at $12.5B in 2024, and ATO was a “major contributor”. It’s also not expected to be higher in 2025 as more devices were unknowingly infected and used.

Google and other companies often play catch-up on cyber attacks. However, disruptions such as this help, as a large-scale seller of a proxy network has been greatly limited. Bad actors like IPIDEA will appear, but if companies and security experts work together, their threats can be stopped. Billions have been lost to these attacks, and these companies don’t want to report financial losses just because they were careless about security.