Even owners of the best Android phones need to be careful when downloading new apps to their devices. As an example, 28 apps that turned the smartphones they were installed on into proxies for hackers were recently discovered in the Google Play store.
As reported by BleepingComputer, HUMAN's Satori threat intelligence team discovered that these seemingly harmless apps were actually doing dubious things in the background. Of the 28 apps listed in the report, 17 were posing as free VPN software.
The best free VPN apps and services can help protect your online privacy, but you should always be careful when installing them on your device. As I test VPNs in my reviews for Tom's Guide, I strongly recommend investing in the best VPN service instead. These paid solutions are more reputable, and many of them have been audited by third parties to ensure that their apps and services do not contain vulnerabilities or malicious code.
Having your phone proxied is not as bad as being infected with Android malware, but it is still a cause for concern. Residential proxies have legitimate uses, such as market research and search engine optimization, but when abused as in this case, they can be used for all kinds of malicious activity, from ad fraud to phishing and even credential stuffing.
Here is everything you need to know about malicious apps, along with tips on how to keep yourself safe from them.
Some of the following apps do not contain the malicious code that was used to proxy Android smartphones. However, for those who are concerned that hackers may be using their devices for cybercrime, it is recommended that they manually remove these apps if they are installed on their smartphones.
What these 28 apps have in common is that they used LumiApps' software development kit (SDK). The company also operates an Android app monetization platform that uses the device's IP address to load web pages in the background and send the retrieved data to companies.
According to the LumiApps website, this is usually from well-known sites and is "done in a way that never interrupts the user and is fully GDPR/CCPA compliant." This is all with the ultimate goal of helping companies "improve their databases and provide better products, services, and prices."
On paper, this seems a bit intrusive but harmless, but when you download a free app instead of a paid app, you get what you pay for. What LumiApps did not envision is that hackers would find a way to use the app monetization platform for their own benefit.
After examining these 28 apps, HUMAN security researchers discovered that they all contained a Golang library used to run a proxy called "Proxylib." The first app the company discovered that contained Proxylib was a free Android VPN app called Oko VPN. Security researchers later discovered that this same library was used by LumiApps' Android app monetization service.
Based on the findings, HUMAN believes that these malicious apps are associated with a Russian residential proxy service provider called Asocks. It is worth noting that Asocks' services are often promoted in online hacking forums.
Earlier this year, LumiApps released a new version of its SDK, including Proxylib v2. Apparently this was done to address "integration issues," but it is unclear whether it can be exploited by hackers.
Google then removed all remaining apps and all new apps using the LumiApps SDK from the Play Store. Similarly, some of the developers who had used the SDK also removed it to fix their apps, but some have re-released the same apps using different developer accounts.
The first thing you want to do to protect yourself and your device from malicious apps is to avoid installing unwanted apps on your Android smartphone. Ask yourself if you really need that app, and check the ratings and reviews of that app before installing it. Keep in mind, however, that reviews and ratings can be faked. For that reason, I always recommend looking at video reviews.
On the security front, make sure you have Google Play Protect enabled. But for added protection, you should consider installing one of the best Android antivirus apps.
As for free VPN apps and free VPNs in general, I really don't recommend them. Most VPN services are fairly inexpensive for what they offer, and if you shop wisely, you can often get great deals on top providers like ExpressVPN, NordVPN, Surfshark, etc. For example, I bought a 2-year subscription to Surfshark on Black Friday a year and a half ago at a steep discount, and it is still going strong.
Hackers and other cybercriminals will continue to release malicious apps and try to turn good apps evil by injecting malicious code. This is because smartphones these days contain far too much personal and financial data. Therefore, it is important to think twice and do proper research before installing any new app on your smartphone, no matter how popular it may be.