If you use a VPN on Android, you’d be wise not to ignore this new warning from security experts.
The use of VPNs has exploded in recent years with this popular software able to make surfing the web more secure along with offering ways to tune into geo-fenced UK content when out of the country. Millions of us now have VPNs installed but before you start downloading any new ones on your Android phone it’s worth being aware of a new warning.
The cyber security experts at HUMAN’s Satori threat intelligence have issued an alert after discovering some VPNs are hiding a nasty surprise.
Once installed they are able to use a new threat, dubbed PROXYLIB, to perform ad fraud as well as phishing for personal data and password spraying. This is a brute force attack that attempts to log into accounts by using passwords discovered in previous data breaches.
To make things more concerning, all of the apps found to feature the malware were available via Google ’s Play Store meaning millions may have been able to access them.
All have since been banned by Google but it serves as a stark reminder to beware before installing any new software.
“HUMAN’s Satori Threat Intelligence team recently identified a cluster of VPN apps available on the Google Play Store that transformed the user’s device into a proxy node without their knowledge,” the team explained in a post on its blog.
“28 applications containing the PROXYLIB SDK identified in this report have been removed from the Play Store and HUMAN continues to work to disrupt the threat posed by PROXYLIB.”
It’s been confirmed that Google’s Play Protect service should help stop future attacks from PROXYLIB so it’s wise to make sure this function is switched on.
Unfortunately, Satori Threat Intelligence team say more attacks could be on their way and Android users need to remain vigilant when installing new VPNs.
“We expect to see the threat actor continue to evolve their TTPs in order to continue selling access to the residential proxy network generated by apps containing PROXYLIB,” Satori added.
“HUMAN recommends that users download mobile apps exclusively from official marketplaces, such as the Google Play Store or iOS App Store. Further, users should avoid clones or “mods” of popular apps which may allow malware or undesired functionality such as the PROXYLIB residential proxy node enrollment discussed in this report to masquerade as benign software.”
You can find the full list of apps thought to be affected by the Google ban. It’s currently unclear if developers knew their apps were infected with the threat or if it was added at a later date by cyber criminals
• Lite VPN
• Anims Keyboard
• Blaze Stride
• Byte Blade VPN
• Android 12 Launcher
• Android 13 Launcher
• Android 14 Launcher
• CaptainDroid Feeds
• Free Old Classic Movies
• Phone Comparison
• Fast Fly VPN
• Fast Fox VPN
• Fast Line VPN
• Funny Char Ging Animation
• Limo Edges
• Oko VPN
• Phone App Launcher
• Quick Flow VPN
• Sample VPN
• Secure Thunder
• Shine Secure
• Speed Surf
• Swift Shield VPN
• Turbo Track VPN
• Turbo Tunnel VPN
• Yellow Flash VPN
• VPN Ultra
• Run VPN
Of course, many VPNs are totally safe to use, just make sure they are reputable, have good reviews and are downloaded from an official source.
