Almost 30 malicious VPN apps with proxyware enabled by a Golang library allowed Android devices to perform as residential proxies that could be leveraged for illicit cyber activity as part of the PROXYLIB operation, reports The Hacker News.
Threat actors could leverage the apps, all of which have already been removed from the Google Play Store, to conceal a variety of cyberattacks, according to a report from HUMAN's Satori Threat Intelligence team.
"When a threat actor uses a residential proxy, the traffic from these attacks appears to be coming from different residential IP addresses instead of an IP of a data center or other parts of a threat actor's infrastructure. Many threat actors purchase access to these networks to facilitate their operations," said researchers.
Such a development follows an Orange Cyberdefense and Sekoia report detailing the integration of proxyware within products or services that could be installed without being noticed by users.
