Watch out — that free Android VPN app could hijack your device

CDN

Almost two dozen free Android VPN apps were actually turning host devices into residential proxies, researchers have revealed announced. All of the apps were subsequently removed from the Play Store, with some making a comeback after cleaning up their code.

Cybersecurity researchers from HUMAN’s Satori Intelligence Team recently discovered a total of 28 apps, all of which had the “Proxylib” software development kit (SDK). This SDK, built in the Golang programming language, was designed to do the proxying, a process in which internet traffic is routed through third-party devices. 

All of the apps were subsequently removed from the Play Store, with some making a comeback after cleaning up their code.

Russian fingers

While proxying has its legitimate, legal use cases, when it’s not clearly stated in the app, it’s most likely criminal. Hackers use it to hide their traffic as they commit ad fraud, phishing, and more. 

Of the 28 apps, 17 were free VPN apps. Here is the full list:

  • Lite VPN
  • Anims Keyboard
  • Blaze Stride
  • Byte Blade VPN
  • Android 12 Launcher (by CaptainDroid)
  • Android 13 Launcher (by CaptainDroid)
  • Android 14 Launcher (by CaptainDroid)
  • CaptainDroid Feeds
  • Free Old Classic Movies (by CaptainDroid)
  • Phone Comparison (by CaptainDroid)
  • Fast Fly VPN
  • Fast Fox VPN
  • Fast Line VPN
  • Funny Char Ging Animation
  • Limo Edges
  • Oko VPN
  • Phone App Launcher
  • Quick Flow VPN
  • Sample VPN
  • Secure Thunder
  • Shine Secure
  • Speed Surf
  • Swift Shield VPN
  • Turbo Track VPN
  • Turbo Tunnel VPN
  • Yellow Flash VPN
  • VPN Ultra
  • Run VPN

The researchers speculate that these apps are linked to Asocks, a Russia-based residential proxy service provider, given that many apps connected to the Asocks’ website, and the Asocks service is commonly promoted to cybercriminals on hacking forums.

After discovering the apps, Google removed all of them from the Play Store, with some reappearing, possibly after removing the malicious SDK. 

Users would be wise to double-check if any of their apps are still listed on the Play Store, and remove them if they’re not. Alternatively, they should at least keep them updated to the latest version.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.