Google and Chinese malware

News

Google shuts down Chinese malware hiding inside nine million phones.

AI

Leon Wilfan

Feb 10, 2026

17:30

Disruption snapshot


  • Google went to federal court and shut down a Chinese proxy network. It removed domains and apps, and cut off about nine million Android phones used as hidden internet relays.


  • Winners: Google, Android users, and defenders of critical infrastructure. Losers: proxy sellers like Ipidea, malware-based networking SDKs, and state hackers relying on cheap, deniable scale.


  • Watch whether courts approve more platform-led takedowns. Track new rules on proxy, VPN, and bandwidth-sharing apps, plus any rise in quieter retaliation like influence ops.


Google (GOOGL) just ripped out a Chinese-built proxy network that was hiding inside millions of everyday phones and apps.


This was full-on hacking infrastructure, similar to AI and data center infrastructure.


And Google didn’t just flag it.


It killed it under a federal court order, wiping dozens of domains and pulling malicious apps off roughly nine million Android devices.


The network was run by Ipidea, a Chinese company that sells proxy access. According to security researchers, its software piggybacked on legitimate downloads and turned consumer devices into traffic relays. If your phone had one of these apps, strangers could route their internet traffic through you. That’s gold for hackers who don’t want to be seen.


Google took the unusual step of going straight to court, then directly removing the infrastructure. That tells you how seriously this was treated. Proxy networks like this are how modern cyber operations scale. You don’t use your own servers. You rent the internet of millions of people who never agreed to be part of the operation.


The disruption behind the news: China’s cyber strategy has shifted from data theft to positioning.


The goal isn’t just stealing files.


It’s preparing access to systems that matter when things get serious.


Power. Water. Ports. Telecom.


Hackers like Volt Typhoon and Salt Typhoon want to get inside civilian infrastructure. Blend in. Sit there.


What Ipidea enabled was scale and deniability. Tens of millions of devices across more than 200 countries, according to the company’s own claims. Even if only a fraction were active, that’s a global mesh that’s hard to block and almost impossible to track in real time.


Google breaking that mesh matters because it raises the cost curve for these operations. Building clean proxy capacity is expensive. Maintaining it without malware is slower. Renting it from cloud providers leaves fingerprints. Taking nine million endpoints off the table doesn’t stop state-backed hacking, but it forces a rebuild.


There’s another layer here. In December 2024, Chinese officials privately acknowledged hacking U.S. infrastructure and tied it to Taiwan. That says these systems are viewed as leverage, not accidents.


Now add AI to the mix. Anthropic disclosed that Chinese state-backed hackers used its Claude model in intrusions across about 30 U.S. organizations. Plain language prompts. Automated execution. Less skill required, more volume possible.


This is what disruption looks like in the world of cybersecurity and state-backed hackers. AI is one of the 7 disruptive technologies that will change the world.


What to watch next.


First, expect more court-backed takedowns.


Google set a precedent. If you control an ecosystem, you’re now expected to act inside it. Apple, Microsoft, and telecom operators are next.


Second, watch for retaliation through softer channels.


There will be more subtle manipulation. More quiet break-ins through trusted partners. And fewer dramatic hacks you hear about on the news. Instead of big hacks, attackers will stay hidden longer and cause damage slowly over time.


Third, infrastructure operators.


They should expect attackers to stay inside systems for years, not just days. Watching, learning, and waiting, instead of breaking in and leaving right away. If you run water, power, ports, or telecom, the question isn’t if someone got in. It’s whether they’re still there.


Finally, expect regulation to harden.


Proxy services, VPNs, and device-level networking SDKs are about to get a lot more scrutiny. If your business model depends on quietly using customers’ internet connections, regulators and platforms are likely to shut that down fast.


Google shutting down Chinese malware is likely just the tip of the iceberg. Don't be surprised if more state-backed malware like this floats to the surface.


Google (GOOGL) has a Disruption Score of 4.


Google is also part of the Disruption Aristocrats, our quarterly list of the world’s top disruptive stocks.
