More than 15 free VPN apps on Google Play were found to use malicious software development kits (SDKs), turning devices into unwanted residential proxies that could be exploited by cybercriminals. Residential proxies enable anonymous web browsing by borrowing residential IP addresses from other users' devices.

Although residential proxies are often used for legitimate purposes such as market research, ad verification and SEO, many cybercriminals use them to hide malicious activities such as ad fraud, spam, phishing, credential stuffing and password spraying (trying a common password against all accounts in a system).

Many free applications on the Google Play Store can turn your device into a tool for cybercriminals. (Photo: Bleepingcomputer)

Users can voluntarily sign up for proxy services to earn money or receive rewards, but some proxy services employ shady and unethical ways to secretly install proxy tools on people's devices. The victim's Internet bandwidth is then taken over without their knowledge, and they are at risk of legal trouble if malicious behavior occurs.

Security firm Human's Satori cyber intelligence division has listed 28 apps on Google Play that secretly turn Android devices into proxy servers. Of these, 17 exist as free VPN software. They all use the LumiApps SDK, which contains "Proxylib", a Golang library for implementing proxies.

Human discovered the first application containing Proxylib in May 2023, a VPN application called Oko VPN. After the investigation, the company announced 28 applications that use the Proxylib library to turn Android devices into proxies, which are:

LiteVPN

Animas Keyboard

Blaze Stride

Byte Blade VPN

Android 12 Launcher (by CaptainDroid)

Android 13 Launcher (by CaptainDroid)

Android 14 Launcher (by CaptainDroid)

CaptainDroid Feeds

Free Old Classic Movies (by CaptainDroid)

Phone Comparison (by CaptainDroid)

Fast Fly VPN

Fast Fox VPN

Fast Line VPN

Funny Char Ging Animation

Slime Edges

Oko VPN

Phone App Launcher

Quick Flow VPN

Sample VPN

Secure Thunder

Shine Secure

Speed Surf

Swift Shield VPN

Turbo Track VPN

LumiApps is an Android app monetization platform. Its SDK uses the device's IP address to load web pages in the background and send the retrieved data to companies. The company claims this is fully compliant with data regulations.

Following Human's report, Google removed all apps using the LumiApps SDK from the Play Store in February and updated Google Play Protect to detect LumiApps libraries in apps. Meanwhile, some removed apps have reappeared on the Play Store, possibly because the developers have removed the LumiApps SDK.

To protect themselves, users of any of the above-mentioned apps should remove them from their devices. Additionally, using paid VPN apps can be more secure than free services.

(According to Bleepingcomputer)