Exposing the Hidden: Free VPN Transforming Your Android into Proxies


A shocking revelation has come to light. Over 15 free VPN apps on Google Play were found using a malicious software development kit. This kit turned Android devices into unwitting residential proxies. These proxies are likely used for cybercrime and shopping bots.


The Investigation

In May 2023, HUMAN’s Satori Threat Intelligence team made a startling discovery. They found that Oko VPN, a free Android VPN app, was using a Golang library. This library performed proxy node enrollment.
Further investigation unearthed connections to ‘Asocks’, a shady residential proxy seller, which suggested a monetization scheme. The app was using a specific Software Development Kit (SDK), identified as LumiApps, which covertly performed the enrollment to proxy services.

The users, and perhaps even the VPN app developers, were unaware of this. Although not necessarily a threat to the victims’ privacy or security, being used as a proxy for potentially malicious operations can cause problems. It eats up people’s available bandwidth and can get them into legal trouble.

The Impact

By digging deeper, HUMAN discovered 28 applications. All of these were utilizing the same SDK. Among them, 17 were free VPN apps. Here’s a list of some of the Android free VPN apps that acted as network traffic proxies:

  • Lite VPN
  • Byte Blade VPN
  • Fast Fly VPN
  • Fast Fox VPN
  • Oko VPN
  • Quick Flow VPN
  • Secure Thunder
  • Shine Secure
  • Speed Surf
  • Swift Shield VPN
  • Turbo Track VPN
  • Turbo Tunnel VPN
  • Yellow Flash VPN
  • VPN Ultra
  • VPN Run

The Aftermath

HUMAN reported its findings to Google. The tech firm removed the offending apps from Google Play. Some of the apps were cleaned by their developers and returned to the store. So, it is assumed that they are safe to use now.

Despite HUMAN’s reporting and Google’s cleaning efforts, the malicious SDK continues to be promoted to unsuspecting app developers. This fact raises the possibility of Proxylib making a comeback on millions of phones. It could happen through Android VPN apps or other types of apps on the Play Store.

