Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.
Related Posts
When it rains, it pours.
Advanced wiper malware hits Ukraine. Nemesis gets dismantled. Apple deals with an unpatchable vulnerability. FortiGuard rises to the rescue. CISA and FBI join forces against DDoS attacks. US airlines data security and privacy policies are under review. Hackers hit thousands in Jacksonville Beach. Geoffrey Mattson, CEO of Xage Security, sits down to discuss CISA’s 2024 JCDC priorities. And hotel keycard locks can’t be that hard to crack.
The CyberWire
Free VPN apps turn Android phones into criminal proxies
Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users’ devices into proxies for cybercriminals without their knowledge, as part of a campaign called PROXYLIB.
Cybercriminals and state actors like to send their traffic through other people’s devices, known as proxies. This allows them to use somebody else’s resources to get their work done, it masks the origin of their attacks so they are less likely to get blocked, and it makes it easy for them to keep operating if one of their proxies is blocked.
An entire underground market of proxy networks exists to service this desire, offering cybercriminals flexible, scalable platforms from which to launch activities like advertising fraud, password spraying, and credential stuffing attacks.
The researchers at HUMAN found 28 apps on Google Play that turned unsuspecting Android devices into proxies for criminals. 17 of the apps were free VPNs. All of them have now been removed from Google Play.
The operation was dubbed PROXYLIB after a code library shared by all the apps that was responsible for enrolling devices into the criminal network.
HUMAN also found hundreds of apps in third-party repositories that appeared to use the LumiApps toolkit, a Software Development Kit (SDK) which can be used to load PROXYLIB. They also tied PROXYLIB to another platform that specializes in selling access to proxy nodes, called Asocks.
Protection and removal
Android users are now automatically protected from the PROXYLIB attack by Google Play Protect, which is on by default on Android devices with Google Play Services.
The affected apps can be uninstalled using a mobile device’s uninstall functionality. However, apps like these may be made available under different names in future, which is where apps like Malwarebytes for Android can help.
Recommendations to stay clear of PROXYLIB are:
Do not install apps from third-party websites.
Victims of novel attacks like PROXYLIB might notice slow traffic, because their bandwidth is in use for other purposes. And at some point their IP address may be blocked by websites and other services.
The researchers included a list of applications they uncovered as part of PROXYLIB. If you installed any of the apps on the list before they were removed from Google Play you will need to uninstall them.
Malwarebytes
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware named NGate can steal money from payment cards by relaying to an attacker’s device the data read by the near-field communication (NFC) chip. […]