Network bandwidth-sharing applications, also known as “proxyware,” can pose grave security and legal risks to their users.
As security company Trend Micro explains in a report published recently, several prominent proxyware platforms that turn people’s computers into residential IP proxies for others to use do not generate income for the donors but for the developers.
Additionally, in many cases, they might expose users to malware infections and even put them in legal trouble due to someone using their IPs for illegal purposes.
Unfortunately, these proxyware platforms are promoted by many famous YouTubers and bloggers who don’t perform code vetting or process scrutiny, hence sending their audience to risky platforms.
Users of network bandwidth-sharing platforms are asked to download a client app and then let it run in the background at all times, giving away available bandwidth or sometimes processing resources to those in need while passing traffic through the user’s IP address.
Residential IPs are valuable for routing network requests because they are considered trustworthy by network security tools that treat traffic originating from them as genuine. Datacenter IPs, on the other hand, often facilitate bot traffic and quickly find their place in blocklists.
Users sharing their connections get credits, which can be redeemed for discounts on affiliated platforms or exchanged for cryptocurrency or fiat money.
In theory, it is a win-win situation, helping people make the most of their available bandwidth without getting charged extra by their ISP.
Looking Under the Hood
Trend Micro investigated the claims made by popular proxyware apps like Honeygain, Traffmonetizer, Peer2Profit, PacketStream, and IPRoyal Pawns, all promising easy ways to make money.
The security researchers captured and examined traffic coming from the exit nodes of these platforms for a total of nine months in 2022, identifying several signs of suspicious activity.
A summary of what Trend Micro saw is given below:
- Access to 3rd-party SMS and SMS PVA services – Honeygain, PacketStream
- Accessing potential click-fraud or silent advertisement sites – Honeygain
- SQL injection probing – Honeygain, PacketStream, IPRoyal Pawns
- Attempts to access /etc/passwd and other security scans – Honeygain, PacketStream
- Crawling government websites – Honeygain
- Crawling of personally identifiable information (including national IDs and SSN) – IPRoyal Pawns
- Bulk registration of social media accounts – IPRoyal Pawns
In addition to the above, the proxyware apps reviewed by Trend Micro often facilitated illegal activities such as bulk account registration for spamming and phishing, participation in click fraud operations, SQL injection attempts, government website crawling, and more.
Many of these activities are illegal in most countries and could put the owners of the residential IP addresses that appear as the source of that traffic in legal trouble.
Since these proxyware client apps do not allow users to monitor what kind of traffic goes through their IPs, the risk of finding trouble remains significant at all times.
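A defender who does have egress proxy logs for a machine running such a client can triage them for three of the categories in the summary above (SQL injection probing, /etc/passwd access attempts, and government-site crawling). The sketch below is an added example, not code from Trend Micro's report; the log format, the regex patterns, the crawl threshold, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines, assumed format: "<internal client> <method> <url>"
SAMPLE_LOG = """\
10.0.0.21 GET http://shop.example/item?id=1%27%20UNION%20SELECT%20null--
10.0.0.21 GET http://cms.example/view?file=..%252f..%252fetc%252fpasswd
10.0.0.21 GET http://portal.gov.example/records/1
10.0.0.21 GET http://portal.gov.example/records/2
10.0.0.21 GET http://portal.gov.example/records/3
10.0.0.35 GET http://news.example/article?id=42
10.0.0.35 GET http://portal.gov.example/contact
"""

# Illustrative patterns (assumptions), not signatures from the report
SQLI = re.compile(r"(?i)\bunion\s+(?:all\s+)?select\b|'\s*or\s+\d+\s*=\s*\d+|\bsleep\(\d+\)")
PASSWD = re.compile(r"(?i)/etc/passwd|(?:\.\./){2,}")

def fully_decode(s, rounds=3):
    """Undo nested URL encoding (e.g. %252f -> %2f -> /), bounded to avoid loops."""
    for _ in range(rounds):
        s, prev = unquote_plus(s), s
        if s == prev:
            break
    return s

def triage(log_text, gov_threshold=3):
    """Return {client: sorted categories} for clients with suspicious egress."""
    findings = defaultdict(set)
    gov_hits = Counter()
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _method, url = parts
        u = urlsplit(url)
        target = fully_decode(u.path + "?" + u.query)
        if SQLI.search(target):
            findings[client].add("sqli_probe")
        if PASSWD.search(target):
            findings[client].add("passwd_probe")
        host = (u.hostname or "").lower()
        if host.endswith(".gov") or ".gov." in host:
            gov_hits[(client, host)] += 1
    for (client, _host), n in gov_hits.items():
        if n >= gov_threshold:  # one visit is normal; repeats suggest crawling
            findings[client].add("gov_crawl")
    return {c: sorted(cats) for c, cats in findings.items()}
```

Only cleartext or TLS-inspected proxy logs expose the path and query this relies on; for opaque HTTPS traffic only the destination host is visible.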
Trend Micro has also discovered a set of apps that do not promote themselves as passive income generators but install an SDK that turns the host into a proxy anyway.
Obviously, any credits generated by these apps go to their authors and distributors, while the victims donate bandwidth without knowing it.
The malicious apps hiding proxyware inside them are:
- Walliant, an automated wallpaper changer
- Decacopy Clipboard Manager, a program designed to store users’ recent copy-pasted content
- EasyAsVPN, unwanted software often installed by tricking users
- Taskbar System, an app that changes the color of your taskbar
- Relevant Knowledge, an adware program
- RestMinder, a clock software that reminds users to take a rest
- Viewndow, software that keeps selected app window pinned
- Saferternet, DNS-based web-filtering software
Trend Micro reports that the proportion of legitimate to malicious traffic observed from the exit nodes of these apps is similar to that of the non-hidden proxyware platforms, so the same risks apply here.
For all the reasons discussed in this article, users are advised to steer clear of proxyware no matter who promotes it or what promises accompany these promotions. “Passive income” software, even the legitimate kind, may incur a lot more damage in a single day than the revenue it will generate over an extended period of time.