**These Free VPNs and Proxies Used by Criminals to Hijack Users' Connections**

If you're one of the millions of users who installed free VPN services like Galleon VPN or Radish VPN, your PC may have been unwittingly turned into a staging device for cybercrime. According to Google's latest investigation, these free VPNs and proxy services were part of a massive network used by over 550 hacking groups to obscure their internet traffic.

At the center of this scheme was IPIDEA, a Chinese company that offered customers access to over 60 million IP addresses through its proxy network. These IP addresses allowed users to access the web as if they were local users from various parts of the globe. But Google's investigation revealed that IPIDEA didn't secure these IP addresses legitimately - instead, it sourced them from numerous unsuspecting users whose devices had become nodes in IPIDEA's network.

Google found that several free VPN and proxy brands were feeding into IPIDEA, including DoorVPN, Galleon VPN, Radish VPN, and Aman VPN. But what's even more disturbing is that while these VPN clients seemed to provide legitimate VPN functionality, there was no clear disclosure about turning users' PCs into proxy nodes.

To secure even more IP addresses, the creators of IPIDEA published software development kits (SDKs) for mobile apps, which they offered as a way to help developers create revenue. But these SDKs were actually embedded inside at least 600 mobile apps, turning devices that installed the software into "exit nodes" for IPIDEA's proxy network.

The threat posed by IPIDEA is significant, according to Google. By routing traffic through an array of consumer devices all over the world, attackers can mask their malicious activity by hijacking these IP addresses. This generates significant challenges for network defenders to detect and block malicious activities.

But that's not all - hackers who used IPIDEA could also access users' private devices on the same network. And Google found evidence that the hackers would try to compromise a user device by exploiting security gaps. The company told The Wall Street Journal that IPIDEA appears to be a Chinese company, and users are primarily from China, as well as Russia, North Korea, and Iran.

Many of these users are botnet operators - in fact, Google found evidence that IPIDEA was being used by the same group behind the BadBox2.0 botnet, which they took legal action against last year. The Aisuru and Kimwolf botnets were also leveraged using IPIDEA.

But there's some good news: Google has disrupted the IPIDEA proxy network by taking legal action to seize the domains IPIDEA used for its scheme, including command and control domains and websites that promoted IPIDEA's products and SDKs. This has reduced the available pool of devices for the proxy operators by millions - including 9 million Android devices.

Google is also working with industry partners to take action against these malicious services. Internet infrastructure provider Cloudflare has been cracking down on IPIDEA, and Google is urging consumers to be wary of applications that offer payment in exchange for "unused bandwidth" or "sharing your internet." These apps are primary ways for illicit proxy networks to grow, and could open security vulnerabilities on the device's home network.

As Google notes, the proxy service market deserves more scrutiny. Consumers should be extremely cautious when using free VPNs and proxies - if it seems too good to be true, it probably is. By taking action against IPIDEA, Google hopes to raise awareness about these malicious services and prevent them from compromising users' devices in the future.