Hackers are using these Android apps on the Play store to stage attacks — delete them all right now
Even with one of the best Android phones you still need to be careful when downloading new apps onto your device. Case in point, 28 apps were recently discovered on the Google Play Store which were being used by hackers to turn the smartphones they were installed on into proxies.
As reported by BleepingComputer, HUMAN’s Satori threat intelligence team discovered that these seemingly harmless apps were actually doing something shady in the background. Of the 28 apps listed in its report, 17 of them were posing as free VPN software.
While the best free VPN apps and services can help further protect your privacy online, you always need to be careful when installing one onto your devices. As the person who tests VPNs for our reviews on Tom’s Guide, I highly recommend you invest in one of the best VPN services instead as these paid solutions are much more reputable and many of them have their apps and services audited by third-parties to ensure they don’t contain any vulnerabilities or malicious code.
Although having your phone turned into a proxy isn’t nearly as bad as having it infected with Android malware, it’s still cause for concern. Residential proxies do have legitimate uses like for market research and search engine optimization but in the wrong hands such as in this case, they can be used for all manner of malicious activities from ad fraud to phishing and even credential stuffing.
Here’s everything you need to know about these good apps gone bad along with some tips on how to stay safe from malicious apps.
Delete these apps right now
Some of the apps listed below no longer contain the malicious code that was used to turn Android smartphones running them into proxies. For those worried that hackers could be using their devices for cybercrime though, it’s recommended that you manually delete these apps if you have any of them installed on your smartphone.
Lite VPN
Anims Keyboard
Blaze Stride
Byte Blade VPN
Android 12 Launcher
Android 13 Launcher
Android 14 Launcher
CaptainDroid Feeds
Free Old Classic Movies
Phone Comparison
Fast Fly VPN
Fast Fox VPN
Fast Line VPN
Funny Char Ging Animation
Limo Edges
Oko VPN
Phone App Launcher
Quick Flow VPN
Sample VPN
Secure Thunder
Shine Secure
Speed Surf
Swift Shield VPN
Turbo Track VPN
Turbo Tunnel VPN
Yellow Flash VPN
VPN Ultra
Run VPN
Turning phones into proxies
The one thing that all 28 of these apps have in common is that they were using a software development kit (SDK) from LumiApps. The company also runs an Android app monetization platform which uses a device’s IP address to load webpages in the background and send any data it retrieves to companies.
Normally, this is from well-known sites and is “done in a way that never interrupts the user and fully complies with GDPR/CCPA” according to LumiApps’ website. All of this is done with the end goal of helping companies “improve their databases, offering better products, services and pricing.”
On paper, this seems harmless albeit a little intrusive but you get what you pay for when you download free apps instead of paid ones. What LumiaApps likely didn’t expect is that hackers would figure out how to use its app monetization platform for their own gain.
After conducting an investigation into these 28 apps, HUMAN’s security researchers discovered that they all contained a Golang library used to perform proxying called “Proxylib”. The first app the firm found that contained Proxylib was a free Android VPN app called Oko VPN. The security researchers later found that this same library was used by LumiApps’ Android app monetization service.
Based on the findings of its investigation, HUMAN believes these malicious apps are linked to a Russian residential proxy service provider called Asocks. It’s worth noting that Asocks’ service is often advertised on hacking forums online.
At the beginning of this year, LumiApps released a new version of its SDK which included Proxylib v2. Apparently, this was done to address “integration issues” but it’s unclear as to whether or not it can also be exploited by hackers in their attacks.
Google has since removed any of the remaining apps as well as any new ones using the LumiApps SDK from the Play Store. Likewise, some of the developers who were using the SDK have removed it too to fix their apps, though some have republished the same apps using different developer accounts.
How to stay safe from malicious apps
When it comes to protecting yourself and your devices from malicious apps, the first thing you want to do is to avoid installing unnecessary apps on your Android smartphone. Ask yourself if you really need the app in question and from there, you want to check its rating and reviews before you install it. Keep in mind though that reviews and ratings can be faked which is why I always suggest looking at video reviews so that you can see the app in question in action.
On the security front, you want to make sure that Google Play Protect is enabled as it scans both your existing apps and any new ones you download for malware and other threats. For additional protection though, you should consider installing one of the best Android antivirus apps, too.
As for free VPN apps and free VPNs in general, I really can’t recommend them. Most VPN services are quite inexpensive for what they provide and if you shop smart, you can often get a great deal on ExpressVPN, NordVPN, Surfshark or other top providers. For instance, I purchased a two-year subscription to Surfshark at a steep discount on Black Friday a year and a half ago and it’s still going strong.
Hackers and other cybercriminals will continue to release malicious apps and to try and turn good apps bad by injecting malicious code into them. This is because there’s just so much personal and financial data on our smartphones these days. Due to this, it’s up to you to think carefully and do the appropriate research before installing any new app on your smartphone regardless of how popular it may be.