Network bandwidth-sharing applications, also known as “proxyware,” can pose grave security and legal risks to their users.
As security company Trend Micro explains in a report published recently, several prominent proxyware platforms that turn people’s computers into residential IP proxies for others to use do not generate income for the donors but for the developers.
Additionally, in many cases, they might expose users to malware infections and even put them in legal trouble due to someone using their IPs for illegal purposes.
Unfortunately, these proxyware platforms are promoted by many famous YouTubers and bloggers who don’t perform code vetting or process scrutiny, hence sending their audience to risky platforms.
Shiny Industry
Users of network bandwidth-sharing platforms are asked to download a client app and then let it run in the background at all times, giving away available bandwidth or sometimes processing resources to those in need while passing traffic through the user’s IP address.
Residential IPs are valuable for routing network requests because they are considered trustworthy by network security tools that treat traffic originating from them as genuine. Datacenter IPs, on the other hand, often facilitate bot traffic and quickly find their place in blocklists.
Users sharing their connections get credits which can be exchanged for discounts on affiliated platforms or exchanged with cryptocurrency or fiat money.
In theory, it is a win-win situation, helping people make the most of their available bandwidth without getting charged extra by their ISP.
Looking Under the Hood
Trend Micro investigated the claims made by popular proxyware apps like HoneyGain, TraffMonitizer, Peer2Profit, PacketStream, and IPRoyal Pawns, all promising easy ways to make money.
The security researchers captured and examined traffic coming from the exit nodes of these platforms for a total of nine months in 2022, identifying several signs of suspicious activity.
A summary of what Trend Micro saw is given below:
- Access to 3rd-party SMS and SMS PVA services – Honeygain, PacketStream
- Accessing potential click-fraud or silent advertisement sites – Honeygain
- SQL injection probing – Honeygain, PacketStream, IPRoyal Pawns
- Attempts to access /etc/passwd and other security scans – Honeygain, PacketStream
- Crawling government websites – Honeygain
- Crawling of personally identifiable information (including national IDs and SSN) – IPRoyal Pawns
- Bulk registration of social media accounts – IPRoyal Pawns
In addition to the above, the proxyware apps reviewed by Trend Micro often facilitated illegal activities such as bulk account registration for spamming and phishing, participation in click fraud operations, SQL injection attempts, government website crawling, and more.
Many of these activities are illegal in most countries and could put the owners of the residential IP addresses that appear as the source of that traffic in legal trouble.
Since these proxyware client apps do not allow users to monitor what kind of traffic goes through their IPs, the risk of finding trouble remains significant at all times.
Masked Proxyware
Trend Micro has also discovered a set of apps that do not promote themselves as passive income generators but install an SDK that turns the host into a proxy anyway.
Trend Micro
Obviously, any credits generated by these apps go to their authors and distributors, while the victims donate bandwidth without knowing it.
The malicious apps hiding proxyware inside them are:
- Walliant, an automated wallpaper changer
- Decacopy Clipboard Manager, a program designed to store users’ recent copy-pasted content
- EasyAsVPN, unwanted software often installed by tricking users
- Taskbar System, an app that changes the color of your taskbar
- Relevant Knowledge, an adware
- RestMinder, a clock software that reminds users to take a rest
- Viewndow, software that keeps selected app window pinned
- Saferternet, DNS based web-filtering software
Trend Micro reports that the proportion of legitimate to malicious traffic observed from the exit nodes of these apps is similar to that of the non-hidden proxyware platforms, so the same risks apply here.
For all the reasons discussed in this article, users are advised to steer clear from proxyware no matter who promotes it or what promises accompany these promotions. “Passive income” software, even the legitimate kind, may incur a lot more damage in a single day than the revenue it will generate over an extended period of time.
My anti virus comes up with a message about this malware for repocket app when previously it didn’t have this issue. I’ve given the app 6 months on my computer and on my phone I’ve made precisely 25cents for 1gb of data, when i would pay much more than that if i was pay as you go it’s not worth it and to top if off with malware message on top I have now deleted this.
Who would be in his right mind to share his IP to people he doesn’t even know?
Hi @ambo hopskin, the returns are so small it is not even worth the effort, it is only going to be people with access to internet connections, smart devices, PCs and who are also incentivised by small amounts of money.. Given many kids desperate for money to buy in game credits, participate in paid online surveys and sit and get paid to watch adds for small amounts of money, I am going to guess they are likely to be amongst the targeted persons. Kids are also more likely to be cyber naive and/or greater prepared to take risk and to be more likely to not foresee the consequences. GL,
…Kids are also more likely to value gift cards (which is an option in many of these services / malware) to dodge the parents.
Very worrying!
Hi RP Community,
This is absolutely despicable behaviour by the developers and promoters.
Out of curiosity I searched on YouTube for this activity. Searching for “Proxyware” returned results with warnings about the dangers, then in searching for “Passive income Apps” and yes there are channels dedicated to this activity, I only watched the top ranking result and yes the channel promoted “Honeygain, PacketStream, IPRoyal Pawns,” and yes the channel offered a $5.00 coupon to sign up.
This is despicable and appalling. The channel noted that for each app you may only pay $1.00 per week (it varies depending on the app) but what they recommended was “app stacking” where the recommendation was to sign up for as many apps as possible.
I don’t believe anyone who regularly reads RP would come close to falling for such schemes. They are targeting the vulnerable, the naive and financially desperate.
The attention of consumer protection agencies in my jurisdiction, (I believe) would nail this as ‘predatory’ and ‘deceptive’ conduct; But they probably won’t until the victims pile up and the consequences reach scale.
To the developers, this is just scummy malware with financial incentives for influences who gain promoting DIY malware.
G.L. all,
A little crude . But hey . The government plays dirty , why cant we . Two wrongs make a right .