Samsung Galaxy and Google Pixel users should remove these apps now

Another warning has suddenly been issued after the discovery of a dangerous app in Google’s Play Store that tricks users into putting their phones and data at risk…

Google is fighting a never-ending battle to remove dangerous malware from the Play Store. The list of dangerous apps gets longer with every security report published. However, the advice remains the same. Delete these apps now.

Latest report courtesy of Human’s Satori Threat Intelligence. It warns that a series of rogue VPN apps using malicious SDKs have bypassed Google’s defenses and rented Android smartphones by turning them into proxies on malicious networks. Once the app is installed, it hides the source of the commands and opens the door to a variety of attacks, all of which are dangerous. Google has removed the problematic version of the app from the Play Store. The cycle continues endlessly.

More from ForbesSurprising iPhone leak reveals key features missing from iOS 18by Zach Doffman

Because the app has been made malicious by its SDK, it may return to the Play Store with the SDK removed. However, you should delete everything stored on your phone and then, if necessary, reinstall it afresh, considering its trivial nature.

Researchers behind the report say the use of so-called residential proxies, or network obfuscation, is “used by threat actors to hide malicious activity such as password spraying, large-scale ad fraud, and credential stuffing attacks. “There is a possibility that it will be done.” When a threat actor uses a residential proxy, the traffic from these attacks appears to come from a different residential IP address, rather than an IP in the data center or other parts of the threat actor’s infrastructure. ” Apparently, these proxy phones create a clean and growing network of seemingly innocuous IP addresses.

Such residential proxies can be used by legitimate companies to enable web scraping and other unwanted activities that the network can detect and block. As the FBI warned about such techniques last year, “Cybercriminals rely heavily on the use of residential proxies, which are connected to the residential Internet connection and can therefore be identified as anomalous. By obfuscating real IP addresses from proxy services, including legitimate proxy service providers, attackers may choose to use purchased proxies. Makes it easier to bypass site defenses. IP addresses may be individually blocked or may originate from a specific geographic region. ”

For this latest campaign, our team’s investigation began with a free Android VPN called Oko VPN that was identified as a threat in 2023. “The application registers the user to proxy her network and receives instructions from a set of command and control (C2)” servers for port/IP connections. After registering, the infected device relays her web requests to email sites, online retailers, Twitch streaming platform, etc. ”

Interestingly, the VPN also has an iOS app, but “Satori has confirmed that the iOS version of the app is not malicious.”

The following malicious apps are currently removed from the Play Store: As before, now that this threat has been identified, Google’s Play Protect will prevent future installations of versions of these apps where the rogue SDK is still present. However, this will not cleanse your current installation. As above, if necessary, remove it now and reinstall it later.

More from ForbesYes, even President Vladimir Putin just warned that telegrams are dangerous.by Zach Doffman

1. light vpn
2. animes keyboard
3. blaze stride
4. Byteblade VPN
5. Android 12 launcher
6. Android 13 launcher
7. Android 14 launcher
8. captain droid feed
9. free old classic movies
10. phone comparison
11. Fast Fly VPN
12. Fastfox VPN
13. Fastline VPN
14. Funny Char Ging Animation
15. limousine edge
16. Oko VPN
17. phone app launcher
18. Quick Flow VPN
19. Sample VPN
20. secure sander
21. shine secure
22. speed surf
23. swift shield
24. Turbo Track VPN
25. Turbo Tunnel VPN
26. Yellow Flash VPN
27. VPN Ultra
28. Run a VPN

The human team used a malicious library within the first VPN to track other VPNs. “These apps all contained malicious libraries that established two-way connections to proxy networks and turned the device into a residential proxy node without the user knowing… Most were free was pretending to be his VPN app.

Infected devices can create a network of proxies that the attackers behind the campaign can sell access to. The team warned that as development continues, “we expect that threat actors will continue to evolve his TTP to continue selling residential proxy access to his network.” Masu.

However, if you follow the five golden rules, you will be immune to attacks such as:

1. Please use the official app store. Don’t use third-party stores and don’t change your device’s security settings to allow apps to load.
2. Check the developer in the app description. Avoid free apps unless it’s unclear how the developer makes money or the developer is well-known. And check the reviews to see if they are genuine or fake.
3. Don’t give permissions to apps you don’t need. Flashlights and stargazing apps don’t require access to your contacts or phone. Also, never grant accessibility permissions that facilitate device control unless necessary.
4. I never have Until now Click the link in the email or message to download the app or update directly. Always use the app store for installations and updates.
5. Don’t install apps that link to established apps like WhatsApp unless you know they’re legitimate. Check out reviews and what people are saying online.

Google’s advice on issues like this is to stick with Play Protect: “Android users are automatically protected from known versions of malware with Google Play Protect. “It’s turned on by default on Android devices with Android devices.” Google Play Protect can warn users or block apps that are known to exhibit malicious behavior, even if those apps come from sources outside of Play. ”

I have contacted them here for additional comment.

More from ForbesSamsung issues important update for millions of Galaxy usersby Zach Doffman

Because VPNs are meant to protect your device and its traffic, and are highly recommended when traveling or accessing public, hotel, or restaurant Wi-Fi, using a VPN to hide your attacks is a bad idea. That’s ironic. This means the VPN you choose matters.

Just because a developer claims that their app is a VPN doesn’t in itself provide a sign of security or legitimacy. There is no certification process. Considering its importance, we highly recommend a paid VPN that is not expensive. And definitely not by unknown developers. Stick to names that everyone knows.

In the meantime, watch this space as the cycle continues…