Watch Out For 28 VPNs and This Application is Listed as a Google Warning Indicating Malware

Morrissey Technology – The use of VPNs has surged in recent years along with the growing need to browse the web more safely and avoid geo-fenced content.

Millions of people have installed VPNs on their Android phones, but it’s a good idea to pay attention to these warnings before downloading a new VPB on your device.

The HUMAN team of cybersecurity experts at Satori threat intelligence has issued a warning after discovering some VPN malware and bad software.

Once installed, they can use a new threat, called PROXYLIB, to carry out ad fraud as well as phishing for personal data and password spraying. This is a brute force attack that attempts to break into accounts using passwords found in previous data breaches.

Even more concerning, all the apps found to contain the malware were available through the Google Play Store, meaning millions of people may have been able to access them.

All of them have been banned by Google but this serves as a reminder to be careful before installing new software.

“The Satori Threat Intelligence HUMAN team recently identified a group of VPN apps available on the Google Play Store that turn users’ devices into proxy nodes without their knowledge,” the team explained in a blog post.

“The 28 apps containing the PROXYLIB SDK identified in this report have been removed from the Play Store and HUMAN continues to work to stop the threat posed by PROXYLIB.”

It has been confirmed that the Google Play Protect service will help stop PROXYLIB FOR4D attacks in the future, so it’s best to make sure this function is enabled.

Unfortunately, the Satori Threat Intelligence team says more attacks are possible and Android users should remain vigilant when installing a new VPN.

“We hope that threat actors will continue to develop their TTPs to continue selling access to residential proxy networks generated by applications containing PROXYLIB,” Satori added as reported by the Mirror.

“HUMAN recommends that users download mobile applications exclusively from official marketplaces, such as the Google Play Store or iOS App Store. Furthermore, users should avoid clones or “mods” of popular applications that may allow malware or unwanted functions such as the PROXYLIB residential proxy registration of the nodes discussed in this report to masquerade as harmless software.”

You can find a complete list of apps expected to be impacted by Google’s ban. It is currently unclear whether developers knew their apps were infected with the threat or whether they were added later by cybercriminals.

The following is a list of applications affected by Google’s ban :

• Lite VPN

• Anims Keyboard

• Blaze Stride

• Byte Blade VPN

• Android 12 Launcher

• Android 13 Launcher

• Android 14 Launcher

• CaptainDroid Feeds

• Free Old Classic Movies

• Phone Comparison

• Fast Fly VPN

• Fast Fox VPN

• Fast Line VPN

• Funny Char Ging Animation

• Limo Edges

• Oko VPN

• Phone App Launcher

• Quick Flow VPN

• Sample VPN

• Secure Thunder

• Shine Secure

• Speed Surf

• Swift Shield VPN

• Turbo Track VPN

• Turbo Tunnel VPN

• Yellow Flash VPN