Security News > 2024 > March > Apps secretly turning devices into proxy network nodes removed from Google Play
As recently released research by HUMAN Security's Satori Threat Intelligence team has revealed, researchers Google removing a single free VPN app from its Play Store due to it making devices part of a proxy network used for ad fraud revealed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit.
"The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user's knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account."
After Satori's discovery of 28 apps on Google Play carrying the PROXYLIB library, Google has removed them.
Google Play Protect, which is on by default on Android devices with Google Play Services, automatically protects users by disabling such apps, and provides a warning and asks users if they would like to uninstall them.
"The majority of the apps we identified containing the LumiApps SDK were not made available in the Google Play Store and were surfaced by HUMAN in third party online repositories, where they posed as 'mods'," Satori researchers told Help Net Security.
They also noted that Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Google Play.
News URL
https://www.helpnetsecurity.com/2024/03/26/smartphone-apps-proxy-network/