Back to Blog Home

February 11, 2026

-
min read

Lookout Expands Protection Following Google’s Disruption of the IPIDEA Proxy Network

Lookout
Lookout
Endpoint Security
Threat intelligence shield

Last week, Google’s Threat Intelligence Group announced the disruption of IPIDEA, one of the largest and most abused residential proxy networks observed in the wild. IPIDEA quietly turned millions of consumer devices into proxy exit nodes, enabling cybercrime, espionage, and botnet activity—while putting users and enterprises at risk.

At Lookout, we acted immediately. As soon as technical intelligence and indicators of compromise were shared, we expanded protections across the Lookout mobile security platform so customers were protected without delay.

Why IPIDEA Matters

Residential proxy networks like IPIDEA are especially dangerous because they abuse real consumer devices and ISP-assigned IP addresses. This allows attackers to blend into legitimate traffic, evade traditional defenses, and launch attacks that appear to originate from trusted residential networks.

Google’s investigation found that IPIDEA:

  • Secretly enrolled devices using embedded SDKs hidden inside otherwise benign apps
  • Fueled multiple botnets, including BadBox 2.0, Aisuru, and Kimwolf
  • Was used by hundreds of threat groups across cybercrime, espionage, and influence operations

This activity directly impacts mobile users—and the organizations that rely on mobile devices to access cloud services and sensitive data.

How Lookout Responded

Using shared intelligence from Google and ecosystem partners, Lookout rapidly expanded detection across all supported platforms, including:

  • IOC-based protections tied to IPIDEA infrastructure and SDKs
  • Behavioral detections for proxy enrollment activity
  • Binary similarity analysis to identify shared malicious code
  • Network-based detection of command-and-control traffic
    This layered approach protects customers from known IPIDEA threats as well as future variants that reuse the same techniques.

Protection Beyond the App Store

Many IPIDEA-enabled apps were distributed outside official app stores or preloaded on devices. Lookout protections follow the device—not the marketplace—covering both managed and unmanaged mobile endpoints.

Stay Protected

All Lookout customers are now protected against IPIDEA-related threats. No action is required.

We’ll continue working with industry partners to monitor evolving proxy abuse and keep mobile users safe.

Book a personalized demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
Request a Demo

Book a personalized, no-pressure demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
  • How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
Request a Demo

Contact Lookout to
try out Smishing AI

Request a Demo

Book a Demo

Discover how adversaries use non-traditional methods for phishing on iOS/Android, see real-world examples of threats, and learn how an integrated security platform safeguards your organization.

Request a Demo Today

Related Content

How Lookout Secures Fairfax County's Mobile Infrastructure

Download Resource

Protecting iOS and Android: Essential for CIS Controls

Download Resource

Mobile Security: The Natural Add-On to Your Existing Services

Download Resource