Security News

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app named "Oko VPN." The researchers later found the same library used by the LumiApps Android app monetization service.

As recently released research by HUMAN Security's Satori Threat Intelligence team has revealed, researchers Google removing a single free VPN app from its Play Store due to it making devices part of a proxy network used for ad fraud revealed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit. "The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user's knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account."

The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. Last summer, ThreatFabric warned of another Europe-focused Anatsa campaign that also used dropper apps hosted on Google Play, primarily fake PDF viewer apps.

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the...

An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.

A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. Even though the apps have since been removed from Google Play, users who installed them since mid-2020 might still carry active Xamalicious infections on their phones, requiring manual scans and cleanup.

More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. Since the start of the year, cybersecurity company ESET, a member of the App Defense Alliance dedicated to detecting and eradicating malware from Google Play, has discovered 18 SpyLoan apps.

Roid VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section. "We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," said Nataliya Stanetsky from Google's Android Security and Privacy Team.

Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application...

Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform. Starting with VPN apps, which Google considers critical for user privacy and security due to handling sensitive data, the Play Store will display the "Independent security review" badge in the Data Safety Section.