Human Threat Intelligence Discovers Malicious Apps on Google Play Store Utilizing Android Devices as Proxy Nodes; Google Takes Swift Action

Security company Human Threat Intelligence has uncovered a concerning discovery regarding the Google Play Store hosting 28 apps that were capable of adding Android devices to a commercial proxy network as proxy nodes. Fortunately, Google has taken swift action and removed these malicious apps.

The researchers found that within the 28 Android apps were popular free VPN services like Oko VPN and Run VPN. These apps utilized a library that could surreptitiously add a user's device to a proxy network without their knowledge. The researchers revealed that the commercial proxy network in question belonged to Asocks, a provider boasting a residential proxy network comprising of seven million IP addresses. Initially, developers had to manually incorporate the libraries into their apps. However, an SDK was later discovered to automate the process, enabling Android app codebases to be easily expanded with identical libraries.

Although the apps have been removed from the Google Play Store, some have resurfaced without the malicious libraries. The researchers stressed that Android users are now shielded from such threats thanks to Google Play Protect. This protective tool scans Android apps for potential malware, ensuring user safety and security.