Nearly 30 malicious VPN apps with Golang library-enabled proxyware enabled Android devices to act as residential proxies that could be exploited for illicit cyber activities as part of Operation PROXYLIB, The Hacker News reports.
Threat actors could use the apps, all of which have already been removed from the Google Play store, to disguise various cyberattacks, according to a report by HUMAN’s Satori Threat Intelligence team.
“When a threat actor uses a residential proxy, traffic from these attacks appears to come from different residential IP addresses instead of data center IPs or other parts of the threat actor’s infrastructure. Many threat actors buy access to these networks to facilitate their operations,” they said. researchers.
The development follows a report by Orange Cyberdefense and Sekoia detailing the integration of proxyware within products or services that can be installed without users noticing.