Over 15 free VPN apps on Google Play have been found to use malicious software development kits (SDKs), turning devices into unwanted residential proxies that can be exploited by cybercriminals. Residential proxies allow anonymous web browsing by borrowing a residential IP address from another user's device.
While residential proxies are often used for legitimate purposes such as market research, ad verification, and SEO, many cybercriminals use them to conceal malicious activities such as ad fraud, spam, scams, credential stuffing, and password spraying.
Users may voluntarily sign up for proxy services to earn money or receive rewards, but some proxy services employ shady and unethical methods to secretly install proxy tools on people's devices. As a result, victims have their internet bandwidth hijacked without their knowledge and risk legal trouble if malicious activity occurs.
Human Security's Satori Cyber Intelligence Unit has listed 28 apps on Google Play that secretly turn Android devices into proxy servers. Of these, 17 are free VPN apps. All of them use the LumiApps SDK, which contains "Proxylib," a Golang library for implementing proxies.
In May 2023, Human discovered the first app containing Proxylib, a VPN app called Oko VPN. After an investigation, the company announced 28 apps that use the Proxylib library to turn Android devices into proxies, namely:
Lite VPN
Anims Keyboard
Blaze Street
Byte Blade VPN
Android 12 Launcher (by CaptainDroid)
Android 13 Launcher (by CaptainDroid)
Android 14 Launcher (by CaptainDroid)
CaptainDroid Feeds
Free Old Classic Movies (by CaptainDroid)
Phone Comparison (by CaptainDroid)
Fast Fly VPN
Fast Fox VPN
Fast Line VPN
Funny Char Ging Animation
Limo Edges
Oko VPN
Phone App Launcher
Quick Flow VPN
Get VPN
Secure Thunder
Shine Secure
Speed Surf
Swift Shield VPN
Turbo Track VPN
LumiApps is an Android app monetization platform. Its SDK uses the device's IP address to load web pages in the background and send the retrieved data to companies. The company claims this fully complies with data protection regulations.
Following Human's report, Google removed all apps using the LumiApps SDK from the Play Store in February 2024 and updated Google Play Protect to detect LumiApps libraries within apps. Meanwhile, some of the removed apps have reappeared on the Play Store, possibly because the developers have removed the LumiApps SDK.
To protect themselves, users of any of the aforementioned apps should delete them from their devices. Additionally, using paid VPN apps may be safer than free services.
(According to BleepingComputer)