Security researchers from Human Security’s Satori Threat Intelligence and Research team have revealed a new type of threat hidden in malicious Google Play apps: apps that turn your phone into a proxy that other people can use to browse the Internet.
Some 28 apps have been identified by the team, most of them VPN, and have already been removed from Google Play, although if any of them are still installed on your mobile you should remove them as soon as possible because they allow other people – and attackers – are using your Internet connection without you knowing it.
Your cell phone becomes a proxy and you don’t even know it
Malware continues to lurk on Google Play and in all its forms. The latter does not seek to steal your banking details or your passwords, but use your cell phone as a proxy network node
The researchers called this operation ProxyLIB because it is a library distributed via an SDK, LumiApps SDK, which is offered to application developers such as a new way to monetize your applications: sell your users’ Internet connections and, better yet, without their knowledge.
ProxyLib architecture overview, by Human Security
ProxyLib was found for the first time on Google Play last year on Oko VPNalthough over time more and more apps including this SDK appeared and ended up being published on Google Play.
Perhaps most dangerous is that the LumiApps SDK, which includes the malicious code to turn any app into malware, is extremely simple to use: you download an APK and download the free version with the malware, ready for distribution . According to security researchers, this causes be included in application MODssince it is not necessary to have access to the original source code of the application.
Two of the apps contain malware
It is curious that the malicious SDK apparently has a warning screen in its code where users are informed that they agree to share their Internet connection with strangers in exchange for using the app, but researchers at Human Research claim they have not seen this notice in any of the malware. cases. SDK adds malicious code but not warning window.
For users, making their mobile phone a node in a proxy network poses a serious security problem because they cannot know What will your Internet connection be used for? and in many cases it will be used to carry out illegal activities such as coordinated attacks, spamming or others.
For attackers, using a proxy network allows them hide your IP addresses so that the connections appear to come from a series of ordinary users and not as part of a coordinated attack from a specific source.
In total, they found 28 apps available on Google Play with this bookstore inside. Although they are not on Google Play, you can still have them on your mobile if you have already installed them. You can check the package names of installed apps with an app like App Checker. If any of these names match the following, it is recommended to uninstall it:
- app.litevpn.android
- com.anims.clavier
- com.blazestride
- com.bytebladevpn
- com.captaindroid.android12.launcher
- com.captaindroid.android13.launcher
- com.captaindroid.android14.launcher
- com.captaindroid.feeds
- com.captaindroid.free.old.classic.movies
- com.captaindroid.phone.comparison
- com.fastflyvpn
- com.fastfoxvpn
- com.fastlinevpn.android
- com.funnychar.ginganimation
- com.limo.edges
- com.okovpn.app
- com.phone_app.launcher
- com.quickflowvpn
- com.samplevpn
- com.securethunder
- com.shinesecure
- com.speedsurf
- com.swiftshield.android
- com.turbotrackvpn
- com.turbotunnelvpn
- com.jauneflashvpn
- io.vpnultra
- run.vpn
By | Human security
In Xataka Android | The 9 best free antiviruses for mobile
