Apps Secretly Turning Devices Into Proxy Network Nodes Removed From Google Play
HUMAN Security’s Satori Threat Intelligence team has revealed that Google's removal of a single free VPN app from its Play Store, for making devices part of a proxy network used for ad fraud, exposed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit (SDK).

“The original PROXYLIB library and the one embedded in the LumiApps SDK are highly similar, including file names and code structure which suggests that LumiApps SDK and the original library are likely built by the same threat actor. Based on some incremental changes to the code between PROXYLIB and the code in LumiApps, and subsequent versions of LumiApps itself, we believe LumiApps is a ‘newer’ version of the original library,” the team told Help Net Security.

“The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user’s knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account.”

Though LumiApps’s privacy policy talks about devices being part of the LumiApps networks, app developers might not read it before starting to use the SDK. Or they might know and not care. But end users – the app users – are unlikely to know all of this is happening in the background.

The researchers also say that the threat actor is using Asocks – a residential proxy seller – as a way to monetize the PROXYLIB network.
Source
https://www.helpnetsecurity.com/2024/03/26/smartphone-apps-proxy-network/