Free VPN Service Designed To Spy On Billion Users

✨ Megiddo

A 626 GB database with the data of users who fell victim to spyware turned out to be publicly available.

On July 7, Cybernews researcher Aras Nazarovas discovered an open Elasticsearch instance containing 626 GB of VPN connection logs, with 5.7 billion user records from the free VPN app Airplane Accelerates, including:

  • user IDs;
  • user IP addresses;
  • the IP addresses they connected to;
  • domain names;
  • timestamps.

According to the expert, this data leak could be used to deanonymize and track users of this app. An analysis of the Android app also shows that it is capable of acting as spyware and has remote code execution capabilities.

According to the investigation, the Airplane app requested a wide range of permissions, from accessing the camera and recording audio to reading and editing contacts, connecting external storage, and installing packages. According to Nazarovas, the number of permissions requested suggests that some of the information being collected is stored in a different database.

Cybernews examined the Android version of the app and found a list of domains in the following categories:

  • VPN services;
  • anti-Chinese sites;
  • porn sites;
  • open-source tools for bypassing censorship;
  • hacker tools;
  • social networks;
  • search engines.

There are no Chinese websites on the list. This suggests that the app was designed to track users who visit domains banned by Beijing.

The investigation revealed that the application's developer is based in Australia, where it is registered under the name AP Network PTY Ltd. What's more, the Chinese website that distributes the app can be found at vp2n.cc. However, the application for Windows, macOS and Android can only be downloaded from the developer's website, "apnetworksapp.com", while the iOS version can only be downloaded from the App Store.

It was previously reported that the Chinese APT group RedAlpha is behind a large-scale credential theft campaign. The campaign targets global humanitarian, think tank and government organizations.