After analysing the web traffic of multiple network bandwidth-sharing companies, researchers at Trend Micro have concluded that these apps might be exposing users to risk at the cost of negligible passive income. The apps analysed in the study include Honeygain, PacketStream and IPRoyal Pawns among others.
These bandwidth-sharing apps promise money in exchange for the users sharing their network bandwidth which is then sold to customers wanting residential proxy services. While the companies claim that these services may be used for things like demographic research, bypassing geo-restrictions for gaming or online shopping and privacy reasons to name a few, there is some suspicious activity in the mix as well.
Bandwidth-sharing doesn’t even generate a significant amount of revenue for most users either. In one case of a bandwidth-sharing app dashboard shared by a blogger, referrals made up more than half the total revenue earned, while actual bandwidth-sharing revenue was as little as $20 per month. The apps don’t even let customers withdraw these small amounts, opening them up to risks with no real incentive.
According to Trend Micro, the traffic recorded in the study was captured between January to September 2022 from “a large number of exit nodes”, exit nodes being computers or devices with these bandwidth-sharing apps installed.
Most of the observed traffic was in fact legitimate, including regular web browsing activities like browsing news and online shopping websites and listening to news streams. There were, however, some questionable connections found too indicating that the customer was performing activities that might be suspicious or even illegal in some countries.
| Suspicious activity | Proxyware app |
|---|---|
| Accessing third-party SMS and SMS PVA services | Honeygain, PacketStream |
| Accessing possibly click-fraud or silent ad sites | Honeygain |
| SQL injection probing | Honeygain, PacketStream, IPRoyal Pawns |
| Attempts to access / etc / passwd and other security scans | Honeygain, PacketStream |
| Registering social media accounts in bulk | IPRoyal Pawns |
| Crawling Personally Identifiable Information including national IDs and Social Security Numbers | IPRoyal Pawns |
| Crawling government websites | Honeygain |
While the app publishers cannot be held responsible for this traffic in most cases, these applications also don’t give users any means of controlling or monitoring what traffic flows through their exit nodes. Because of this nature, these apps have been classified as proxyware.
Another group of “unwanted applications” discovered by the researchers which were being distributed under the guise of free software tools was secretly turning users’ PCs into proxy nodes without their consent. These programs install proxyware functionality, including the Globalhop SDK on users’ devices without clearly notifying them.
The network traffic generated by these apps is similar to the aforementioned bandwidth-sharing apps as summarised in the table below.
| Suspicious activity | Proxyware app |
|---|---|
| Registering NFT lucky draws | Walliant, Decacopy Clipboard Manager, Taskbar System |
| SQL injections and scans | EasyAsVPN, Decacopy Clipboard Manager, Walliant |
| Government website crawling | Walliant, Restminder, Taskbar System, Decacopy Clipboard Manager, Relevant Knowledge |
In such cases, all the “passive income” goes to the developers and the users are left bearing the risk, only being able to use the free program they downloaded. Some of these programs include:
- Walliant
- Decacopy
- EasyAsVPN
- Taskbar System
- Relevant Knowledge (adware)
- RestMinder
- Viewndow
- Saferternet
In the News: Qualcomm announces X35 and X3chips for next-gen 5G devices
