A report published by Satori’s threat intelligence team at HUMAN has just released a list of 28 apps on the Google Play Store that can effectively turn Android phones into proxy servers. 17 of these apps are actually VPNs, which people often use to bypass internet blocks or mask their identity, all things considered. Despite the fact that this is the case, their phones may actually be getting used to cover up cybercrime cases.
With all of this said and set aside for now, it’s important to note that these 17 apps were available for free, which might make them more tempting to download than they would otherwise be. The apps, VPN or otherwise, are as follows:
- Simple VPN
- Keyboard with animations
- Blaze Stride
- Byte Blade VPN
- Launcher for Android 12 (by CaptainDroid)
- Launcher for Android 13 (by CaptainDroid)
- Launcher for Android 14 (by CaptainDroid)
- CaptainDroid Feeds
- Free Old Classic Movies (by CaptainDroid)
- Phone Comparison (by CaptainDroid)
- Fast Fly VPN
- Fast Fox VPN
- Fast Line VPN
- Funny Char Ging animation
- Limousine edges
- VPN around
- Phone application launcher
- Quick Flow VPN
- An example of a VPN
- Secure the Thunder
- Safety shine
- Fast surfing
- Swift Shield VPN
- Turbo Track VPN
- Turbo Tunnel VPN
- Yellow Flash VPN
- VPN Ultra
- Start VPN
These apps contain a monetization app called LumiApps. The way this works is that the web page is loaded in the background using the device’s unique IP address which then retrieves the data. The data is then sent to the companies. It is worth mentioning that the use of this application is GDPR compliant, but it has also been used to turn devices into proxies.
Image: HumanSecurity
After this report was published, Google ended up removing all apps using this monetization platform due to the fact that this is the type of thing that could potentially stop this campaign. Those apps are now available again, although they likely no longer contain LumiApps. Google Play Protect can now detect the use of this SDK, and the presence of these apps means that the SDK is no longer present.
Despite the fact that this is the case, some of these applications were transferred from different accounts. This seems to suggest that the app publisher is trying to circumvent previous bans, and it remains to be seen what Google will ultimately do about this matter.
Any user using any of the above applications would do well to delete them as soon as possible. If they don’t, their devices could turn into proxies at this point.
Read next: Cyberbullying increased after pandemic, new report finds