These VPN Apps Are Turning Android Phones into Cybercrime Proxies

A report put out by the Satori threat intelligence team at HUMAN has just published a list of 28 apps on the Google Play Store that can effectively turn Android phones into proxy servers. 17 of these apps are actually VPNs, which people often use in order to circumvent internet blocks or mask their identity with all things having been considered and taken into account. In spite of the fact that this is the case, their phones may actually be getting used to cover up instances of cyber crime.

With all of that having been said and now out of the way, it is important to note that these 17 apps were available free of charge, which might make them more enticing to download than might have been the case otherwise. The apps, VPN or otherwise, are as follows:
  • Lite VPN
  • Anims Keyboard
  • Blaze Stride
  • Byte Blade VPN
  • Android 12 Launcher (by CaptainDroid)
  • Android 13 Launcher (by CaptainDroid)
  • Android 14 Launcher (by CaptainDroid)
  • CaptainDroid Feeds
  • Free Old Classic Movies (by CaptainDroid)
  • Phone Comparison (by CaptainDroid)
  • Fast Fly VPN
  • Fast Fox VPN
  • Fast Line VPN
  • Funny Char Ging Animation
  • Limo Edges
  • Oko VPN
  • Phone App Launcher
  • Quick Flow VPN
  • Sample VPN
  • Secure Thunder
  • Shine Secure
  • Speed Surf
  • Swift Shield VPN
  • Turbo Track VPN
  • Turbo Tunnel VPN
  • Yellow Flash VPN
  • VPN Ultra
  • Run VPN
These apps contain a monetizing app by the name of LumiApps. The way this works is that a webpage is loaded in the background using the device’s unique IP address which then retrieves data. The data is then sent to companies. It bears mentioning that the use of this app is in line with GDPR, but it also ended up being used to convert devices into proxies.

Image: HumanSecurity

After this report was published, Google ended up removing any and all apps using this monetization platform because of the fact that this is the sort of thing that could potentially end up stopping this campaign in its tracks. These apps are now available again, although they likely don’t contain LumiApps anymore. Google Play Protect is now capable of detecting the use of this SDK, and the presence of these apps indicates that the SDK isn’t present anymore.

In spite of the fact that this is the case, some of these apps were uploaded from diverging accounts. That seems to suggest that the app publisher is trying to circumvent previous bans, and it remains to be seen what Google will end up doing on the matter at hand.

Any user that is using one of the aforementioned apps would do well to delete them as soon as possible. Failing to do so could result in their devices being turned into proxies at this current point in time.

Read next: Cyberbullying Increased After the Pandemic, New Report Reveals
Previous Post Next Post