Ever wondered how secure are your digital devices at home? Is your vaccuum cleaner spying on you? We have Dennis Giese talking about #smarthomesecurity & #privacy

Lindsay Kaye will show us how our #android devices started becoming part of a large #malicious proxy network by talking about #proxylib

This meetup has been sponsored by Dataminr and we would like to thank our location hosts Rapid7 for hosting us!

RSVP to grab a spot before its too late at https://lnkd.in/ehBwWKRY . Update your RSVP if you are no longer coming.
#security #cybersecurity #networksecurity #infosec

Our next meetup we have Dennis Giese talking about #smarthomesecurity & #privacy and Lindsay Kaye talking about #proxylib

This meetup has been sponsored by Dataminr and we would like to thank our location hosts Rapid7 for hosting us!

RSVP to grab a spot before its too late at https://www.meetup.com/the-boston-security-meetup/events/300211922/ . Update your RSVP if you are no longer coming.
#security #cybersecurity #networksecurity #infosec

Researchers from HUMAN’s Satori Threat Intelligence discovered a significant number of VPN apps on Android phones that, without users' knowledge, turned their devices into criminal proxies as part of a campaign named PROXYLIB. Cybercriminals and state actors use proxies to hide their activities, making it harder for them to be caught. They found 28 apps on Google Play that did this, including 17 free VPNs, which have since been removed. The apps used a shared code library, PROXYLIB, to enroll devices into the criminal network. HUMAN also found hundreds of apps in third-party repositories that appeared to use the LumiApps toolkit, a Software Development Kit (SDK) which can be used to load PROXYLIB. They also tied PROXYLIB to another platform that specializes in selling access to proxy nodes, called Asocks.

Residential proxies are a network of proxy servers sourced from real IP addresses provided by internet service providers (ISPs), helping users hide their actual IP addresses by routing their internet traffic through an intermediary server. The anonymity benefits aside, they are ripe for abuse by threat actors to not only obfuscate their origins but also to conduct a wide range of attacks. Many threat actors purchase access to these networks to facilitate their operations. Some of these networks can be created by malware operators tricking unsuspecting users into installing bogus apps that essentially corral the devices into a botnet that's then monetized for profit by selling the access to other customers.

The Android VPN apps discovered by HUMAN are designed to establish contact with a remote server, enroll the infected device to the network, and process any request from the proxy network. This operation has been codenamed PROXYLIB by the company. The 29 apps in question have since been removed by Google. The anonymity benefits of residential proxies allow threat actors to not only hide their origins but also to conduct a wide range of attacks, including advertising fraud, password spraying, and credential stuffing attacks.

https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes

#cybersecurity #android #malware #vpn #proxylib #google #googleplay #apps #lumiapps #sdk #proxy #asocks #network #server #passwordspraying #humansecurity #satori #threatintelligence

Human Security identified a cluster of VPN apps available on the Google Play Store that transformed the user’s device into a proxy node without their knowledge. They dubbed this operation PROXYLIB after the Golang library responsible for the proxy node enrollment in each of the apps. They uncovered 28 applications related to PROXYLIB. They provide background and analysis of PROXYLIB. They list the applications removed. No IOC 🔗 https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes

#proxyware #threatintel #PROXYLIB