Security News > 2024 > March > Free VPN apps on Google Play turned Android phones into proxies
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots.
HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app named "Oko VPN." The researchers later found the same library used by the LumiApps Android app monetization service.
Following HUMAN's report, Google removed any new and remaining apps using the LumiApps SDK from the Play Store in February 2024 and updated Google Play Protect to detect the LumiApp libraries used in the apps.
Many apps listed above are now available again on the Google Play store, presumably after their developers removed the offending SDK. They were sometimes published from different developer accounts, potentially indicating previous account bans.
More Android apps riddled with malware spotted on Google Play.
Google tests blocking side-loaded Android apps with risky permissions.
News URL
Related news
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Google adds Android auto-reboot to block forensic data extractions (source)
- Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users (source)
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (source)
- Google fixes actively exploited FreeType flaw on Android (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)