Watch out — that free Android VPN app could hijack your device

Researchers find more than two dozen malicious Android VPN apps

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Almost two dozen free Android VPN apps were actually turning host devices intoresidential proxies, researchers have revealed announced. All of the apps were subsequently removed from thePlay Store, with some making a comeback after cleaning up their code.

Cybersecurity researchers from HUMAN’s Satori Intelligence Team recently discovered a total of 28 apps, all of which had the “Proxylib” software development kit (SDK). This SDK, built in the Golang programming language, was designed to do the proxying, a process in which internet traffic is routed through third-party devices.

All of the apps were subsequently removed from the Play Store, with some making a comeback after cleaning up their code.

Russian fingers

Russian fingers

While proxying has its legitimate, legal use cases, when it’s not clearly stated in the app, it’s most likely criminal. Hackers use it to hide their traffic as they commit ad fraud, phishing, and more.

Of the 28 apps, 17 were free VPN apps. Here is the full list:

The researchers speculate that these apps are linked to Asocks, a Russia-based residential proxy service provider, given that many apps connected to the Asocks’ website, and the Asocks service is commonly promoted to cybercriminals on hacking forums.

After discovering the apps,Googleremoved all of them from the Play Store, with some reappearing, possibly after removing the malicious SDK.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Users would be wise to double-check if any of their apps are still listed on the Play Store, and remove them if they’re not. Alternatively, they should at least keep them updated to the latest version.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

3 reasons why PIA fell in our best VPN rankings

Is it still worth using Proton VPN Free?

Stormforce Pro Creator 0601 workstation review