Nearly two dozen free Android VPN apps actually turned host devices into residential proxies, researchers reported. All the apps were subsequently removed from the Play Store, and some have returned after cleaning up their code.
Cybersecurity researchers from HUMAN’s Satori Intelligence team recently discovered a total of 28 apps, all of which had the “Proxylib” software development kit (SDK). This SDK, built in the Golang programming language, is designed to perform proxying, the process of routing Internet traffic through third-party devices.
All the apps were subsequently removed from the Play Store, and some have returned after cleaning up their code.
Russian fingers
Although a proxy has its legitimate, legal use cases, when it is not clearly stated in the application, it is most likely criminal. Hackers use it to hide their traffic while committing ad fraud, identity theft and more.
Of the 28 apps, 17 were free VPN apps. Here is the full list:
- Simple VPN
- Keyboard with animations
- Blaze Stride
- Byte Blade VPN
- Launcher for Android 12 (by CaptainDroid)
- Launcher for Android 13 (by CaptainDroid)
- Launcher for Android 14 (by CaptainDroid)
- CaptainDroid Feeds
- Free Old Classic Movies (by CaptainDroid)
- Phone Comparison (by CaptainDroid)
- Fast Fly VPN
- Fast Fox VPN
- Fast Line VPN
- Funny Char Ging animation
- Limousine edges
- VPN around
- Phone application launcher
- Quick Flow VPN
- An example of a VPN
- Secure the Thunder
- Safety shine
- Fast surfing
- Swift Shield VPN
- Turbo Track VPN
- Turbo Tunnel VPN
- Yellow Flash VPN
- VPN Ultra
- Start VPN
Researchers speculate that these apps are related to Asocks, a Russian residential proxy service provider, given that many of the apps are linked to Asocks’ website, and Asocks’ service is commonly promoted to cybercriminals on hacking forums.
After discovering the apps, Google removed all of them from the Play Store, and some have reappeared, presumably after removing the malicious SDK.
Users would be wise to check if some of their apps are still listed in the Play Store and remove them if they are not. Alternatively, they should at least update them to the latest version.
Over it BleepingComputer