Millions of us use VPNs every day with these virtual private networks offering a more secure way of logging onto the web while allowing users to access UK streaming content when abroad. They’re hugely popular apps, but a new warning from cyber experts from HUMAN’s Satori threat intelligence team might make you think twice before installing one on your phone.
A worrying report – published this week – has revealed a new danger when using some VPNs with a number of apps containing a threat called PROXYLIB. This malware can perform a number of worrisome activities on devices including ad fraud, identity theft for data, spamming other users in your contacts, and password hashing – a type of brute force attack that attempts to log into accounts.
A total of 28 apps were found to contain this threat, all available for download via Google’s Play Store – they have since been banned.
“HUMAN’s Satori Threat Intelligence team recently identified a cluster of VPN apps available on the Google Play Store that transformed a user’s device into a proxy node without their knowledge,” the team explained in a blog post.
“The 28 apps containing the PROXYLIB SDK identified in this report have been removed from the Play Store and HUMAN continues to work to disrupt the threat posed by PROXYLIB.”
Along with removing problematic apps, Android users should be protected from future PROXYLIB attacks thanks to Google Play Protect, which is turned on by default on most devices.
Of course, many VPNs are completely safe to use and you can read our guide to the best VPNs here.
Despite this, the Satori Threat Intelligence team says that there could be new attacks and that Android users should remain cautious when installing new VPNs.
“We expect that the threat actor will continue to develop their TTPs to continue selling access to the residential proxy network generated by applications containing PROXYLIB,” Satori added.
“HUMAN recommends that users download mobile applications exclusively from official markets, such as the Google Play Store or the iOS App Store. Furthermore, users should avoid clones or “mods” of popular applications that may enable malware or unwanted functions such as PROXYLIB residential The node proxy entry discussed in this report masquerades as benign software.”
You can find the full list of apps that are considered to be affected by Google’s ban. It is currently unclear whether developers knew their apps were infected with the threat or whether cybercriminals added it later
• Simple VPN
• Keyboard with pictures
• Blaze Stride
• Byte Blade VPN
• Launcher for Android 12
• Launcher for Android 13
• Launcher for Android 14
• CaptainDroid Feeds
• Free old classic movies
• Phone comparison
• Fast Fly VPN
• Fast Fox VPN
• Fast Line VPN
• Funny Char Ging animation
• Limousine edges
• About VPN
• Phone application launcher
• Quick Flow VPN
• Example of a VPN
• Secure the Thunder
• Shine Secure
• Fast surfing
• Swift Shield VPN
• Turbo Track VPN
• Turbo Tunnel VPN
• Yellow Flash VPN
• VPN Ultra
• Start VPN