VPNs are a useful tool for users looking to have a secure online communication or access information and content which has been geo-blocked. However, threat actors make use of interest in free VPN services to target users. Over 15 VPN apps on Google Play were found to be using malicious development kits to turn users’ devices into residential proxies that are likely being used for cybercrime and shopping bots, a report from Bleeping Computer said. .
A residential proxy turns a device into a router for internet traffic for other users. This helps the traffic routed through the device to evade scrutiny, making it less likely to be blocked. While there are legitimate uses for this, cybercriminals are now using them to conceal malicious activities, including ad fraud, spamming, phishing, credential stuffing, and password spraying.
Users can opt to register their devices for proxy in return for monetary or other rewards. But some of the proxy services employ unethical means to install proxying tools on users’ devices secretly. This can lead to the hijacking of the internal bandwidth of users’ devices without their knowledge. Routing of malicious requests and content from affected devices can also land innocent victims into legal trouble due to appearing as the source of malicious activity.
The dangerous part is that users may not become aware of the use of their device as a proxy since this is done in a way that never interrupts the users experience.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
While it is unclear if developers were aware that their apps were being used to turn users’ devices into proxy servers, Google has removed apps that made use of the underlying development kits that made this possible.
Some of the VPN apps that were found to contain the offending kits were removed from the Google Play Store, and then returned presumably after their developers removed the offending code. Users are advised to either update their apps to the latest versions of the app, that are now safe to use. However, if the app was removed from Google Play Store and no safe versions exist, users are advised to uninstall the app and opt for paid VPN service providers instead of free services as free versions are more likely to implement indirect monetisation systems, including data collecting/selling, advertising, and enrolment in proxy services.
