Even with one of the best Android phones, you still need to be careful when downloading new apps to your device. For example, 28 applications were recently discovered on the Google Play Store that hackers used to turn the smartphones on which they were installed into proxies.
As reported by BleepingComputer, HUMAN’s Satori threat intelligence team discovered that these seemingly harmless apps were actually doing something suspicious in the background. Of the 28 apps listed in the report, 17 were posing as free VPN software.
While the best free VPN apps and services can further protect your online privacy, you should always be careful when installing them on your devices. As someone who tests VPNs for our reviews on Tom’s Guide, I highly recommend you invest in one of the best VPN services instead because those paid solutions are much more reputable and many of them have their apps and services checked by third parties to ensure they don’t contain any vulnerabilities or malicious code.
Although turning your phone into a proxy isn’t nearly as bad as infecting it with Android malware, it is still a cause for concern. Residential proxies have legitimate uses such as market research and search engine optimization, but in the wrong hands, as in this case, they can be used for all kinds of malicious activities from ad fraud to phishing and even credential stuffing.
Here’s everything you need to know about these good apps gone bad along with some tips on how to protect yourself from malicious apps.
Delete these apps now
Some of the apps listed below no longer contain the malicious code that was used to turn the Android smartphones running them into proxies. For those who are concerned that hackers might use their devices for cybercrime, it is recommended that you manually delete these apps if you have any of them installed on your smartphone.
- Simple VPN
- Keyboard with animations
- Blaze Stride
- Byte Blade VPN
- Launcher for Android 12
- Launcher for Android 13
- Launcher for Android 14
- CaptainDroid Feeds
- Free old classic movies
- Phone comparison
- Fast Fly VPN
- Fast Fox VPN
- Fast Line VPN
- Funny Char Ging animation
- Limousine edges
- VPN around
- Phone application launcher
- Quick Flow VPN
- An example of a VPN
- Secure the Thunder
- Safety shine
- Fast surfing
- Swift Shield VPN
- Turbo Track VPN
- Turbo Tunnel VPN
- Yellow Flash VPN
- VPN Ultra
- Start VPN
Turning phones into proxies
The one thing that all 28 of these apps have in common is that they used LumiApps’ software development kit (SDK). The company also runs an Android app monetization platform that uses a device’s IP address to load web pages in the background and send any data it retrieves to businesses.
It’s usually from well-known sites and “is done in a way that never interrupts the user and is fully GDPR/CCPA compliant,” according to the LumiApps website. All of this is done with the ultimate goal of helping companies “improve their databases, offering better products, services and prices.”
On paper, this seems harmless, if a bit intrusive, but you get what you pay for when you download free apps instead of paid ones. What LumiApps probably didn’t expect was that hackers would figure out how to use its app monetization platform for their own benefit.
After investigating these 28 apps, HUMAN security researchers discovered that they all contain a Golang library used to run proxies called “Proxylib”. The first application that the company discovered contained Proxylib was a free Android VPN app called Around VPN. Security researchers later discovered that this same library was used by LumiApps’ Android app monetization service.
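As an added example (not code from HUMAN, LumiApps or the original article), the sketch below shows how a defender could triage an APK for Go-built native libraries like the one described above. The Go toolchain markers and the plain-text "proxylib" needle are assumed heuristics, and the sample APK and its file names are constructed for illustration.

```python
import io
import zipfile

# Assumed heuristics (not taken from the HUMAN report): markers the Go
# toolchain embeds in compiled binaries, plus the library name as a needle.
GO_MARKERS = (b"Go build ID:", b"Go buildinf:")
NAME_NEEDLE = b"proxylib"
MAX_LIB_BYTES = 256 * 1024 * 1024  # skip implausibly large entries


def triage_apk(apk):
    """Return one finding per native library (lib/<abi>/*.so) in an APK.

    `apk` is a path or file-like object; an APK is an ordinary ZIP archive.
    """
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            if info.file_size > MAX_LIB_BYTES:
                continue
            data = zf.read(info)
            findings.append({
                "path": name,
                "is_elf": data[:4] == b"\x7fELF",
                "go_built": any(m in data for m in GO_MARKERS),
                "mentions_proxylib": NAME_NEEDLE in data.lower(),
            })
    return findings


def needs_review(findings):
    """Paths of Go-built libraries that also mention the proxy library name."""
    return [f["path"] for f in findings
            if f["go_built"] and f["mentions_proxylib"]]


def build_sample_apk():
    """Constructed sample: an in-memory 'APK' holding two fake native libs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("lib/arm64-v8a/libui.so", b"\x7fELF" + b"\x00" * 64)
        zf.writestr("lib/arm64-v8a/libnet.so",
                    b'\x7fELF\x00\xff Go build ID: "constructed"\x00'
                    b"ProxyLib/client\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(needs_review(triage_apk(build_sample_apk())))
```

A hit only means the library deserves a closer look: many legitimate apps ship Go-built native code, and a renamed or stripped library would not match the name needle.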
Based on the findings of its investigation, HUMAN believes these malicious applications are linked to a Russian residential proxy service provider called Asocks. It is worth noting that Asocks’ service is often advertised on hacker forums online.
Earlier this year, LumiApps released a new version of its SDK that includes Proxylib v2. Apparently, this was done to solve “integration issues”, but it is not clear whether or not hackers can also exploit this in their attacks.
Google has since removed all remaining apps, as well as any new ones that use the LumiApps SDK, from the Play Store. Likewise, some developers who used the SDK also removed it to fix their apps, although some re-released the same apps using different developer accounts.
How to protect yourself from malicious applications
When it comes to protecting yourself and your devices from malicious apps, the first thing you want to do is avoid installing unnecessary applications on your Android smartphone. Ask yourself if you need the app in question and from there you want to check its rating and reviews before installing it. However, keep in mind that reviews and ratings can be faked, which is why I always suggest watching video reviews so you can see the app in action.
When it comes to security, you want to be sure that Google Play Protect is enabled because it scans your existing apps and any new ones you download for malware and other threats. For added protection, you should also consider installing one of the best antivirus apps for Android.
As for free VPN apps and free VPNs in general, I really can’t recommend them. Most VPN services are pretty cheap for what they provide and if you shop smart you can often get a great deal on ExpressVPN, NordVPN, Surfshark or other top service providers. For example, I bought a 2-year subscription to Surfshark with a huge discount on Black Friday a year and a half ago and it’s still going.
Hackers and other cybercriminals will continue to release malicious apps and try to turn good apps into bad ones by injecting malicious code into them. This is because there is so much personal and financial information on our smartphones these days. This is why it is up to you to think carefully and do proper research before installing any new app on your smartphone no matter how popular it is.