Numerous Android VPN applications that are free of charge have been identified as supporting a deceptive residential proxy operation called ‘Proxylib,' according to researchers.
Proxylib infects Android devices with a hidden agent that carries out malicious activities, such as ad fraud, bot manipulation, and even more perilous operations like spreading malware and launching phishing campaigns. This agent redirects user traffic through the infected Android devices, making it seem as though it is originating from a legitimate, non-blocklisted source, specifically a residential IP address.
In May 2023, HUMAN's Satori Threat Intelligence team discovered that the Oko VPN, which is a free VPN application available on the Google Play store, employed a Golang library for enrolling proxy nodes. Upon further investigation, connections to ‘Asocks,' a dubious seller of residential proxies, were uncovered, indicating the involvement of a monetization scheme.
The application utilized a specific Software Development Kit (SDK), known as LumiApps, to secretly enroll users in proxy services without their knowledge or consent. It is possible that even the developers of the VPN app were unaware of this activity.
While this may not directly threaten the privacy or security of the victims, it does consume their available bandwidth and could potentially lead to legal issues, as their IP address is used as the source of the suspicious activity.
Upon further investigation, HUMAN discovered 28 applications that all employed the same SDK, with 17 of them being free VPN apps. The following is a list of Android free VPN apps that acted as proxies for network traffic:
- Byte Blade VPN
- Fast Fly VPN
- Fast Fox VPN
- Fast Line VPN
- Lite VPN
- Oko VPN
- Quick Flow VPN
- Sample VPN
- Secure Thunder
- Shine Secure
- Speed Surf
- Swift Shield VPN
- Turbo Track VPN
- Turbo Tunnel VPN
- Yellow Flash VPN
- VPN Ultra
- VPN Run
HUMAN notified Google of its discoveries, leading the tech company to remove the problematic applications from Google Play. After being cleaned by their developers, some of the apps were reinstated on the platform, suggesting that they are now considered safe for use.
Nonetheless, we strongly urge readers to avoid free VPN apps altogether, which have a troubling history of data collection, security issues, and poor performance. After all, one must also consider how free VPNs make money to operate the service. The answer usually lies on monetizing the user, such as with collecting user data (web history or location tracking) that is valuable to advertising networks.
Apps such as Oko VPN and Fast Fox VPN, for instance, can currently be found on Google Play and have amassed thousands of downloads each. The most popular among them is Lite VPN, which boasts an impressive 1 million downloads.
It's important to note that good reviews on the Google Play store are no indication of how secure or private a free VPN app actually is. Many of these dangers free VPN apps garnered positive reviews and high ratings, despite the risks.
Despite HUMAN's efforts to report and Google's attempts to clean up, the malicious SDK continues to be promoted to unsuspecting app developers. This raises the concern that Proxylib may make a comeback on millions of smartphones through Android VPN or other similar apps available on the Play store.
To conclude, we strongly advise against using free VPN apps due to the inherent risks and drawbacks associated with this choice. These risks include data logging practices, weaker encryption standards, outdated protocols, ad injection practices, limited server options, subpar performance, lack of customer support, and ultimately the utilization of user devices as residential proxies.
Atlas VPN Announces Shutdown, All Users to Be Moved to NordVPN
Leave a Reply