Talk

An Uninvited House Guest: How PROXYLIB Overstayed its Welcome on Android Devices

April 26, 17:00 (CAMPUS)

Cybercriminal threat actors sell access to residential proxy networks to other threat actors who want to hide malicious behavior, including credential stuffing attacks, password spraying or large-scale ad fraud, behind residential IPs. In May 2023, we identified a cluster of VPN apps available on the Google Play Store that transformed the user’s device into a proxy node without their knowledge. We’ve dubbed this operation PROXYLIB after the common library in each of the apps.
Researchers at IAS identified this malicious behavior in a single free VPN application — Oko VPN — on Google’s Play Store, and projected that the operators earned $2 million a month by conducting ad fraud prior to the app’s removal from the Play Store. Based on further analysis of Oko VPN, Satori researchers uncovered nearly 40 applications related to PROXYLIB. These apps shared a common native library, written in Golang, that enrolls the device as a proxy node.

The team later uncovered a subsequent version of PROXYLIB, offered online via the LumiApps SDK, and other adaptations by the threat actor that used the same Golang library to turn the device into a proxy node. This talk will provide a technical deep-dive into the PROXYLIB Android malware and the related Windows binaries. We will also discuss the attribution of PROXYLIB and how the threat actor was able to use an online residential proxy seller to monetize the campaign. Finally, we will provide an overview of how defenders can mitigate the threat of residential proxies, malicious Android applications and ad fraud as it pertains to these threats.

Speaker


Lindsay Kaye

Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty and passion is reverse engineering. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.
