THE article discusses an operation named Lurking Lizard where fake applications, specifically a fraudulent 7-Zip utility and WireVPN, convert user devices into residential proxy nodes without consent. Infoblox's research reveals that the threat actor has used over 230 domains, impersonating legitimate software and VPN services, to conduct a criminal residential proxy business. The Trojanized applications maintain deceptive structures to avoid user uninstallation.
The investigation indicates a sophisticated network with links to a Chinese entity, as WHOIS data connects the domain registrations to names and contacts in China. The WireVPN service, which has gained popularity with over a million downloads, exhibits behavior inconsistent with standard VPN operations, directing user traffic through multiple IP addresses instead of a stable connection.
The article emphasizes the illegitimate nature of this operation and warns users about potential compromises from downloading software from unverified sources.