VPN trap for Android: how apps turn smartphones into zombies

The malicious library makes the user an accomplice in online fraud.

28 free VPN apps on Google Play used a malicious SDK that turned Android devices into residential proxies, probably used for cybercrime and bots.

HUMAN found that the malicious apps used the LumiApps SDK, which contained the Proxylib library for setting up proxies. A total of 28 apps were identified that secretly turned Android devices into proxy servers, 17 of which disguised themselves as free VPN apps.

Figure: Proxy organization scheme on an Android smartphone

LumiApps, an Android app monetization platform, claims that its SDK uses the device's IP address to load web pages in the background, and that the data from those pages is then transmitted to companies. According to LumiApps, this is done without interfering with the user and in full compliance with the legislation (GDPR/CCPA).

However, it is unclear whether the developers of the free apps were aware that the SDK turns users' devices into proxy servers that can be used for cybercrime activities, including ad fraud, spam, phishing, credential matching, and brute-force attacks.

Based on detected connections to the provider's website, HUMAN assumes that the malicious applications communicate with the residential proxy service provider Asocks. In addition, the Asocks service is often promoted by cybercriminals on hacker forums.

Figure: Malicious VPN services

Following the HUMAN report, Google removed all apps that use the LumiApps SDK from the Play Store and updated Google Play Protect to detect LumiApps libraries used in apps.

However, many of the detected apps are now available on Google Play again, presumably after their developers removed the LumiApps SDK. Some apps were republished from other developer accounts, which may indicate that the previous accounts were blocked.

Experts recommend updating the affected apps to the latest versions that don't use this SDK, or, better, deleting them altogether.
 