Hackers are using these Android apps on the Play Store to stage attacks — delete them all right now

One phone with skull and crossbones on screen among several other clean-looking phones.
(Image credit: Marcos_Silva/Shutterstock)

Even with one of the best Android phones you still need to be careful when downloading new apps onto your device. Case in point, 28 apps were recently discovered on the Google Play Store which were being used by hackers to turn the smartphones they were installed on into proxies.

As reported by BleepingComputer, HUMAN’s Satori threat intelligence team discovered that these seemingly harmless apps were actually doing something shady in the background. Of the 28 apps listed in its report, 17 of them were posing as free VPN software.

While the best free VPN apps and services can help further protect your privacy online, you always need to be careful when installing one onto your devices. As the person who tests VPNs for our reviews on Tom’s Guide, I highly recommend you invest in one of the best VPN services instead as these paid solutions are much more reputable and many of them have their apps and services audited by third-parties to ensure they don’t contain any vulnerabilities or malicious code.

Although having your phone turned into a proxy isn’t nearly as bad as having it infected with Android malware, it’s still cause for concern. Residential proxies do have legitimate uses like for market research and search engine optimization but in the wrong hands such as in this case, they can be used for all manner of malicious activities from ad fraud to phishing and even credential stuffing.

Here’s everything you need to know about these good apps gone bad along with some tips on how to stay safe from malicious apps.

Delete these apps right now

Some of the apps listed below no longer contain the malicious code that was used to turn Android smartphones running them into proxies. For those worried that hackers could be using their devices for cybercrime though, it’s recommended that you manually delete these apps if you have any of them installed on your smartphone.

  • Lite VPN
  • Anims Keyboard
  • Blaze Stride
  • Byte Blade VPN
  • Android 12 Launcher 
  • Android 13 Launcher 
  • Android 14 Launcher 
  • CaptainDroid Feeds
  • Free Old Classic Movies 
  • Phone Comparison 
  • Fast Fly VPN
  • Fast Fox VPN
  • Fast Line VPN
  • Funny Char Ging Animation
  • Limo Edges
  • Oko VPN
  • Phone App Launcher
  • Quick Flow VPN
  • Sample VPN
  • Secure Thunder
  • Shine Secure
  • Speed Surf
  • Swift Shield VPN
  • Turbo Track VPN
  • Turbo Tunnel VPN
  • Yellow Flash VPN
  • VPN Ultra
  • Run VPN

Turning phones into proxies

The one thing that all 28 of these apps have in common is that they were using a software development kit (SDK) from LumiApps. The company also runs an Android app monetization platform which uses a device’s IP address to load webpages in the background and send any data it retrieves to companies. 

Normally, this is from well-known sites and is “done in a way that never interrupts the user and fully complies with GDPR/CCPA” according to LumiApps’ website. All of this is done with the end goal of helping companies “improve their databases, offering better products, services and pricing.” 

On paper, this seems harmless albeit a little intrusive but you get what you pay for when you download free apps instead of paid ones. What LumiaApps likely didn’t expect is that hackers would figure out how to use its app monetization platform for their own gain.

After conducting an investigation into these 28 apps, HUMAN’s security researchers discovered that they all contained a Golang library used to perform proxying called “Proxylib”. The first app the firm found that contained Proxylib was a free Android VPN app called Oko VPN. The security researchers later found that this same library was used by LumiApps’ Android app monetization service.

Based on the findings of its investigation, HUMAN believes these malicious apps are linked to a Russian residential proxy service provider called Asocks. It’s worth noting that Asocks’ service is often advertised on hacking forums online.

At the beginning of this year, LumiApps released a new version of its SDK which included Proxylib v2. Apparently, this was done to address “integration issues” but it’s unclear as to whether or not it can also be exploited by hackers in their attacks.

Google has since removed any of the remaining apps as well as any new ones using the LumiApps SDK from the Play Store. Likewise, some of the developers who were using the SDK have removed it too to fix their apps, though some have republished the same apps using different developer accounts.

How to stay safe from malicious apps

A hand holding a phone securely logging in

(Image credit: Google)

When it comes to protecting yourself and your devices from malicious apps, the first thing you want to do is to avoid installing unnecessary apps on your Android smartphone. Ask yourself if you really need the app in question and from there, you want to check its rating and reviews before you install it. Keep in mind though that reviews and ratings can be faked which is why I always suggest looking at video reviews so that you can see the app in question in action.

On the security front, you want to make sure that Google Play Protect is enabled as it scans both your existing apps and any new ones you download for malware and other threats. For additional protection though, you should consider installing one of the best Android antivirus apps, too.

As for free VPN apps and free VPNs in general, I really can’t recommend them. Most VPN services are quite inexpensive for what they provide and if you shop smart, you can often get a great deal on ExpressVPN, NordVPN, Surfshark or other top providers. For instance, I purchased a two-year subscription to Surfshark at a steep discount on Black Friday a year and a half ago and it’s still going strong.

Hackers and other cybercriminals will continue to release malicious apps and to try and turn good apps bad by injecting malicious code into them. This is because there’s just so much personal and financial data on our smartphones these days. Due to this, it’s up to you to think carefully and do the appropriate research before installing any new app on your smartphone regardless of how popular it may be.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
Computer with warning image being magnified
This VPN sells access to people's home internet networks
and image of the Google Chrome logo on a laptop
Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk
and image of the Google Chrome logo on a laptop
Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know
Facebook, Instagram, YouTube, Pinterest, X, LinkedIn, Reddit, TikTok, Threads apps on an iPhone
Why you need to review your app permissions now
Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
NYTimes Connections
NYT Connections today hints and answers — Sunday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far