2020/04/11

thumbnail

Are you a user of SuperVPN? Delete it now.


Google has removed one of the most popular free virtual private network (VPN) apps linked to a dodgy developer and so should you, if you have it on your phone.
Prior to its removal, SuperVPN boasted over 100 million installs (thats about as many downloads as Tinder has) and close to a million reviews on the Play Store.
A whopping half of those downloads took place in the last three months or so, as the Covid-19 outbreak forced billions around the globe to stay home.
The Pro version of the app has chalked up an impressive 5 million installs and remains on the Play Store (though we wouldnt recommend that you go download it).

Whos behind it?


SuperVPN was listed on the Play Store as being developed by an app publisher called SuperSoftTech that purports to be based in Singapore but really is a non-existent company, a huge red flag.
Its real owner, however, is one Jinrong Zheng, a developer that is likely based in Beijing or Shenyang.
By using robot accounts to leave fake reviews on the page, Zheng was able to game Play Store search results, thereby attracting millions to download the app.
Zheng is also associated with LinkVPN which has also been removed from Apples App Store (and which you should also remove if you have it on your iPhone).


Neither super nor private


Tech researchers have flagged SuperVPN as being malicious as early as 2016.According to VPNpro, the app has critical vulnerabilities that allow for man-in-the-middle (MITM) attacks that can easily allow hackers to intercept communications between the user and the provider, and even redirect users to a hackers malicious server instead of the real VPN server.
With HTTP traffic unencrypted, and hardcoded encryption keys found within the app, the app also sends EAP credentials in an unencrypted payload.
If all the above technical jargon sounds like malarkey to you, all you need to know is that you could have your credit card information stolen, and your conversations, photos and videos stored and sent to some secret server.




Advertisement


 \n

Subscribe by Email

Follow Updates Articles from This Blog via Email

No Comments

Blogroll