Gandalf_The_Grey
A report published today by HUMAN's Satori threat intelligence team lists 28 applications on Google Play that secretly turned Android devices into proxy servers. Of these 28 applications, 17 were passed off as free VPN software.
Satori analysts report that the offending apps were all using a software development kit (SDK) by LumiApps that contained "Proxylib," a Golang library to perform the proxying.
HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app named "Oko VPN." The researchers later found the same library used by the LumiApps Android app monetization service.
"In late May 2023, Satori researchers observed activity on hacker forums and new VPN applications referencing a monetization SDK, lumiapps[.]io," explains the Satori report.
"Upon further investigation, the team determined that this SDK has exactly the same functionality and uses the same server infrastructure as the malicious applications analyzed as part of the investigation into the earlier version of PROXYLIB."
A subsequent investigation revealed a set of 28 apps that utilized the ProxyLib library to convert Android devices into proxies, which are listed below:
- Lite VPN
- Anims Keyboard
- Blaze Stride
- Byte Blade VPN
- Android 12 Launcher (by CaptainDroid)
- Android 13 Launcher (by CaptainDroid)
- Android 14 Launcher (by CaptainDroid)
- CaptainDroid Feeds
- Free Old Classic Movies (by CaptainDroid)
- Phone Comparison (by CaptainDroid)
- Fast Fly VPN
- Fast Fox VPN
- Fast Line VPN
- Funny Char Ging Animation
- Limo Edges
- Oko VPN
- Phone App Launcher
- Quick Flow VPN
- Sample VPN
- Secure Thunder
- Shine Secure
- Speed Surf
- Swift Shield VPN
- Turbo Track VPN
- Turbo Tunnel VPN
- Yellow Flash VPN
- VPN Ultra
- Run VPN
Free VPN apps on Google Play turned Android phones into proxies
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots.
www.bleepingcomputer.com