Not SimonHuman Security identified a cluster of VPN apps available on the Google Play Store that transformed the user’s device into a proxy node without their knowledge. They dubbed this operation PROXYLIB after the Golang library responsible for the proxy node enrollment in each of the apps. They uncovered 28 applications related to PROXYLIB. They provide background and analysis of PROXYLIB. They list the applications removed. No IOC 🔗 https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
