Application security, Endpoint/Device Security, Malware

Malicious Android apps facilitate device transformation into proxies

April 2, 2024

(Adobe Stock)

Almost 30 malicious VPN apps with proxyware enabled by a Golang library allowed Android devices to perform as residential proxies that could be leveraged for illicit cyber activity as part of the PROXYLIB operation, reports The Hacker News.

Threat actors could leverage the apps, all of which have already been removed from the Google Play Store, to conceal a variety of cyberattacks, according to a report from HUMAN's Satori Threat Intelligence team.

"When a threat actor uses a residential proxy, the traffic from these attacks appears to be coming from different residential IP addresses instead of an IP of a data center or other parts of a threat actor's infrastructure. Many threat actors purchase access to these networks to facilitate their operations," said researchers.

Such a development follows an Orange Cyberdefense and Sekoia report detailing the integration of proxyware within products or services that could be installed without being noticed by users.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Learn More

SC Staff

Patch/Configuration Management

Additional patches for Microsoft 365 on Windows 10 promised

SC StaffMay 13, 2025

The Register reports that Microsoft has committed to remediating security issues impacting Microsoft 365 apps on Windows 10 until Oct. 10, 2028, or a little over three years after it ends Windows 10 support.

Application security

Google settles nearly $1.4B Texas case for collecting personal data

Shaun NicholsMay 12, 2025

Settlement is the largest individual penalty to date against Google in the state of Texas.

Women hand using smartphone typing, chatting conversation in chat box icons pop up. Social media maketing technology concept.Vintage soft color tone background.

Application security

More secure federal instant messaging platforms pushed by acting Pentagon CIO

SC StaffMay 9, 2025

U.S. Defense Department Acting Chief Information Officer and Chief Information Security Officer Katie Arrington said that the implementation of secure instant messaging platforms for government and military leaders will be prioritized following Defense Secretary Pete Hegseth's exposure of the country's military strike plans against Houthi rebels in Yemen in a Signal chat that inadvertently included a journalist.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Malicious Android apps facilitate device transformation into proxies

An In-Depth Guide to Application Security

Related

Additional patches for Microsoft 365 on Windows 10 promised

Google settles nearly $1.4B Texas case for collecting personal data

More secure federal instant messaging platforms pushed by acting Pentagon CIO

Related Events

DevSecOps Unleashed: Accelerating Development Without Compromising Security

Breaking Barriers: Solving AppSec Challenges in Financial Services

Rooting Out Overlooked Risks in the Data and AI Supply Chain: Introducing a New Approach

Get daily email updates