The Swing VPN app, which is available on the official Google Play Store under the name Swing VPN – Fast VPN Proxy, has more than 5 million downloads. Swing VPN is a legitimate VPN app developed for Android and iOS systems by Limestone Software Solutions. However, according to researcher Lecromee, the Android version of this app is a DDoS botnet and allegedly harbours malicious intent as it can carry out distributed denial of service attacks (DDoS attacks).

It all started when Lecromee’s friend informed him about observing an unusual request pattern on his cellphone. The phone continually sent requests to a specific website every 10 seconds.

The app allegedly used different tactics to hide its malicious actions to keep the attack undetected. Initially, Lecromee blamed the issue on malware or a virus. However, further investigation revealed that all requests were sent from the Swing VPN app, which his friend had installed on his phone. The requests were sent to the same site that Lecromee’s friend had never accessed or visited, which made the researcher suspicious of the app. To investigate further, Lecromee installed the Pcapdroid app to check his terminal’s log communication and inspect Swing VPN’s operations.

At this point, Lecromee was uncertain whether the Swing app had a malicious agenda. He observed that the Swing VPN app sent some requests to a site. To determine the actual intention of the app, he used mitmproxy to capture the sent data. He identified that the app figures out the real IP address right after installation, language selection, and accepting the Privacy Policy.

It then sends a request to Bing and Google with the query “What is my IP?” Lecromee also learned that the app parses the returned HTML and identifies IPs from the responses, mainly to find the config files to upload.

After identifying its required config type, the app sends requests to two different config files stored in the developer’s personal Google Drive account. These files are requested from specific personal servers, several GitHub repositories, or Google Drive accounts. The app concludes its initialization process by connecting to an ad network to load ads and finally stores data in a local cache before proceeding to a DDoS site.
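
The request pattern described in this article (one app sending a request to the same site every 10 seconds) is the kind of machine-like timing a defender can pick out of per-app connection records. The following is an added example, not code from the article or from Lecromee's research; the record layout, package names and hosts are constructed for illustration and are not Pcapdroid's export format.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (unix_time_seconds, app_package, destination_host).
# All names are hypothetical placeholders.
def build_sample():
    rows = []
    # An app hitting one host about every 10 s with small jitter.
    jitter = [0.0, 0.3, -0.2, 0.1, 0.4, -0.3, 0.2, 0.0, -0.1, 0.3, 0.1, -0.2]
    for i, j in enumerate(jitter):
        rows.append((1000.0 + 10 * i + j, "com.example.vpn", "target.example"))
    # A browser with bursty, human-driven traffic to one host.
    for t in [1003, 1004, 1005, 1041, 1042, 1090, 1091, 1093, 1110, 1111]:
        rows.append((float(t), "com.example.browser", "news.example"))
    # A mail client polling rarely: too few samples to judge.
    for t in [1000, 1060, 1120]:
        rows.append((float(t), "com.example.mail", "mail.example"))
    return rows

def find_periodic(rows, min_requests=10, max_cv=0.1):
    """Return {(app, host): mean_interval} for near-constant-interval traffic.

    max_cv is the allowed coefficient of variation (stddev / mean) of the
    gaps between consecutive requests; low values mean machine-like timing.
    """
    times = defaultdict(list)
    for ts, app, host in rows:
        times[(app, host)].append(ts)
    flagged = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_requests:
            continue  # not enough evidence; avoids flagging sparse pollers
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = round(avg, 1)
    return flagged

if __name__ == "__main__":
    for (app, host), period in find_periodic(build_sample()).items():
        print(f"{app} -> {host}: one request every ~{period}s")
```

The `min_requests` floor matters: with only three samples, an ordinary mail poller has perfectly regular gaps and would be flagged alongside the real offender.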