Skip to content

Bandwidth-sharing apps might be exposing you to online risks

  • by
  • 3 min read

After analysing the web traffic of multiple network bandwidth-sharing companies, researchers at Trend Micro have concluded that these apps might be exposing users to risk at the cost of negligible passive income. The apps analysed in the study include Honeygain, PacketStream and IPRoyal Pawns among others. 

These bandwidth-sharing apps promise money in exchange for the users sharing their network bandwidth which is then sold to customers wanting residential proxy services. While the companies claim that these services may be used for things like demographic research, bypassing geo-restrictions for gaming or online shopping and privacy reasons to name a few, there is some suspicious activity in the mix as well.

Bandwidth-sharing doesn’t even generate a significant amount of revenue for most users either. In one case of a bandwidth-sharing app dashboard shared by a blogger, referrals made up more than half the total revenue earned, while actual bandwidth-sharing revenue was as little as $20 per month. The apps don’t even let customers withdraw these small amounts, opening them up to risks with no real incentive.

According to Trend Micro, the traffic recorded in the study was captured between January to September 2022 from “a large number of exit nodes”, exit nodes being computers or devices with these bandwidth-sharing apps installed.

India, USA, UK and Canada hit with healtcare database attacks: FireEye

Most of the observed traffic was in fact legitimate, including regular web browsing activities like browsing news and online shopping websites and listening to news streams. There were, however, some questionable connections found too indicating that the customer was performing activities that might be suspicious or even illegal in some countries. 

Suspicious activityProxyware app
Accessing third-party SMS and SMS PVA servicesHoneygain, PacketStream
Accessing possibly click-fraud or silent ad sitesHoneygain
SQL injection probingHoneygain, PacketStream, IPRoyal Pawns
Attempts to access / etc / passwd and other security scansHoneygain, PacketStream
Registering social media accounts in bulkIPRoyal Pawns
Crawling Personally Identifiable Information including national IDs and Social Security NumbersIPRoyal Pawns
Crawling government websitesHoneygain

While the app publishers cannot be held responsible for this traffic in most cases, these applications also don’t give users any means of controlling or monitoring what traffic flows through their exit nodes. Because of this nature, these apps have been classified as proxyware.

Another group of “unwanted applications” discovered by the researchers which were being distributed under the guise of free software tools was secretly turning users’ PCs into proxy nodes without their consent. These programs install proxyware functionality, including the Globalhop SDK on users’ devices without clearly notifying them.

The network traffic generated by these apps is similar to the aforementioned bandwidth-sharing apps as summarised in the table below.

Suspicious activityProxyware app
Registering NFT lucky drawsWalliant, Decacopy Clipboard Manager, Taskbar System
SQL injections and scansEasyAsVPN, Decacopy Clipboard Manager, Walliant
Government website crawlingWalliant, Restminder, Taskbar System, Decacopy Clipboard Manager, Relevant Knowledge

In such cases, all the “passive income” goes to the developers and the users are left bearing the risk, only being able to use the free program they downloaded. Some of these programs include:

  • Walliant
  • Decacopy
  • EasyAsVPN
  • Taskbar System
  • Relevant Knowledge (adware)
  • RestMinder
  • Viewndow
  • Saferternet

In the News: Qualcomm announces X35 and X3chips for next-gen 5G devices

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>