{"id":50443,"date":"2023-02-07T00:00:00","date_gmt":"2023-02-07T00:00:00","guid":{"rendered":"urn:uuid:b80e5ccd-a2af-ac23-0c4f-76b49dd76e90"},"modified":"2023-02-07T00:00:00","modified_gmt":"2023-02-07T00:00:00","slug":"hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/","title":{"rendered":"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/The-Security-Risks-of-Passive%20Income-Software-641.png\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/The-Security-Risks-of-Passive%20Income-Software-641.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>But is this true? To examine and understand the kind of risks a potential user might be exposed to by joining such programs, we recorded and analyzed network traffic from a large number of exit nodes of several different network bandwidth sharing services (exit nodes are computers who had these network bandwidth sharing services installed). &nbsp;<\/p>\n<p>From January to September 2022, we recorded traffic coming from exit nodes of some of these passive income companies and examined the nature of the traffic being funneled through the exit nodes.<\/p>\n<p>First of all, our observation confirmed that traffic from other app partners are funneled to our exit node and most of it is legitimate. We saw normal traffic, such as browsing news websites, listening to news streams, or even browsing online shopping websites. However, we also identified some questionable connections. These connections demonstrated that some users were performing activities that are suspicious or possibly illegal in some countries.<\/p>\n<p>A summary of suspicious activities is given in the following table. We organized these activities by similarity and noted the proxy networks where we have observed these activities.<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\" height=\"100%\">\n<tbody readability=\"9\">\n<tr readability=\"2\">\n<td><b>Suspicious activity<\/b><\/td>\n<td><b>Traffic from Proxyware Applications<\/b><\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Access to 3<sup>rd<\/sup>-party SMS and SMS PVA services<\/td>\n<td>Honeygain, PacketStream<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Accessing potential click-fraud or silent advertisement sites<\/td>\n<td>Honeygain<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>SQL injection probing<\/td>\n<td>Honeygain, PacketStream, IPRoyal Pawns<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Attempts to access <i>\/etc\/passwd<\/i> and other security scans<\/td>\n<td>Honeygain, PacketStream<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Crawling government websites<\/td>\n<td>Honeygain<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Crawling of personally identifiable information (including national IDs and SSN)<\/td>\n<td>IPRoyal Pawns<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Bulk registration of social media accounts<\/td>\n<td>IPRoyal Pawns<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>In most cases, the application publishers probably would not be legally responsible for suspicious or malicious activities by the third-parties who use their proxy services. &nbsp;However, those who installed the \u201cnetwork bandwidth sharing\u201d applications have no means of controlling or&nbsp;<a href=\"https:\/\/blog.talosintelligence.com\/2021\/08\/proxyware-abuse.html\" target=\"_blank\" rel=\"noopener\">even monitoring<\/a> what kind of traffic goes via their exit node. &nbsp;Therefore, these network sharing apps are classified as riskware applications that we call proxyware.<\/p>\n<p><b>Suspicious activities from proxyware<\/b><\/p>\n<p>The table above outlines the malicious and suspicious activity we observed, and we go into further detail about these activities in this section.<\/p>\n<p>We observed multiple instances of automated access to third-party SMS PVA providers. What are SMS PVA services? We have written a paper about <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/b\/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html\">SMS PVA services and how they are often being (mis)used<\/a>. In a nutshell, these services are often used for bulk registration of accounts in online services. Why do people often use them in combination with proxies? Those accounts are often bound to a particular geographical location or a region, and the location or a region has to match the phone number that is being used in the registration process. Thus, the users of SMS PVA services want their exit IP address to match the locality of the number, and sometimes use a specific service (in case a service is only accessible in a particular region).<\/p>\n<p>These bulk registered accounts (aided by residential proxies and SMS PVA services) are often then used in a variety of dubious operations: social engineering and scams against individual users, and abuse of sign-up and promotion campaigns of various online businesses that could result in thousands of dollars in monetary loss.<\/p>\n<p>Potential click fraud was another type of activity that we observed coming from these networks. Doing click-fraud or silent ad sites means that the computers with \u201cpassive income\u201d software are used as exit nodes to \u201cclick\u201d on advertisements in the background. Advertisers have to pay for ineffective clicks (no one really saw the ads) and the network traffic looks almost identical to a normal user clicking on the ads at home.<\/p>\n<p>SQL injection is a common security scan that attempts to exploit user input validation vulnerabilities in order to dump, delete, or modify the content of a database. There are a number of tools that automate this task. However, doing security scanning without proper authorization and doing SQL injection scans without a written permission from the website owner is criminal activity in many countries and may result in prosecution. We have observed a number of attempts to probe for SQL injection vulnerabilities from many \u201cpassive income\u201d software. This kind of traffic is risky and users who share their connections could potentially be involved in legal investigations.<\/p>\n<p>Another similar set of activities with similar risks that we observed is scans from tools. These scans attempt to access the <i>\/etc\/passwd<\/i> file by trying to exploit various vulnerabilities \u2014 when successful, this signifies that a system is vulnerable to arbitrary file exposure and allows an attacker to obtain the password file on a server. Hackers use such software vulnerabilities to retrieve arbitrary files from vulnerable websites. Needless to say, it is illegal to conduct such activities without written permission from the server\u2019s owner.<\/p>\n<p>Crawling government websites might not be illegal at all. There usually are terms of fair use requiring that users not place too many queries at the same time. Many websites use technical means to prevent heavy crawling by using captcha services. We have observed the use of automated tools that use anti-captcha tools to bypass these restrictions while trying to access government websites. We have also seen crawlers that scrape for legal documents from law firms and court websites.<\/p>\n<p>Crawling of personal identifiable information (PII) might not be illegal in all countries, but this activity is questionable because we do not know how such information may be later misused. In our study, we have seen a suspicious crawler downloading information of Brazilian citizens in bulk. Such information included names, dates of birth, gender and CPF (equivalent to national SSN). Obviously, if such activity is investigated, the \u201cpassive income\u201d software users would be the first point of contact, as it would be their IP address that got logged on those websites.<\/p>\n<p>People who register a lot of social media accounts can use it for multiple purposes, such as online spam, scam campaigns, and bots that spread misinformation and promote fake news. Such accounts are also often used to give fake reviews of goods and services. In the collected traffic, we have seen the registration of TikTok accounts with unconventional email addresses. Even though it is not illegal per se, users who have installed \u201cpassive income\u201d software might be asked to prove who they are or to get through more \u201cvalidate you are a human\u201d tests in their normal browsing activity.&nbsp; This is because there are too many registered accounts from their home IP and they can be misidentified as being affiliated with those campaigns.<\/p>\n<p>If you think these examples are farfetched, there is a case in 2017 when a<a href=\"https:\/\/www.accessnow.org\/access-now-eff-condemn-arrest-tor-node-operator-dmitry-bogatov-russia\/\" target=\"_blank\" rel=\"noopener\"> Russian citizen was arrested<\/a> and accused of terrorism. This person was running a Tor exit node and someone used this to post pro-violence messages during anti-government protests. Proxyware is similar to a Tor exit node because both funnel traffic from one user to another. This example specifically shows how much trouble you can get yourself into if you don\u2019t know what the people using your computer as an exit node are doing.<\/p>\n<p><span class=\"body-subhead-title\">Other variants of proxyware run without user consent<\/span><\/p>\n<p>During our research, we also identified a group of unwanted applications that are distributed as free software tools. However, it appears to us that these applications are covertly turning the user machine into a proxy node. These applications appear to install Proxyware functionality on devices, like Globalhop SDK, without clearly notifying users that their devices will be used as passive exit nodes. Some end-user license agreement (EULA) documents may explicitly mention the inclusion of Globalhop SDK or the exit node functionality of the apps, while others do not. But, in our opinion, including notification only in the EULA\u2014a document that few users ever read\u2014doesn\u2019t provide fair notice to users that installing the app will result in unknown third parties using their devices as an exit node.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/b\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this investigation, we analyzed several prominent &#8220;passive income&#8221; applications and found out that there may be security risks upon participating in these programs. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50444,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9523,9536,9509],"class_list":["post-50443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-network","tag-trend-micro-research-privacyrisks","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-07T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/The-Security-Risks-of-Passive%20Income-Software-641.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk\",\"datePublished\":\"2023-02-07T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/\"},\"wordCount\":1316,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Network\",\"Trend Micro Research : Privacy&amp;Risks\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/\",\"name\":\"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png\",\"datePublished\":\"2023-02-07T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/","og_locale":"en_US","og_type":"article","og_title":"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-02-07T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/The-Security-Risks-of-Passive%20Income-Software-641.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk","datePublished":"2023-02-07T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/"},"wordCount":1316,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Network","Trend Micro Research : Privacy&amp;Risks","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/","url":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/","name":"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png","datePublished":"2023-02-07T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk.png","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hijacking-your-bandwidth-how-proxyware-apps-open-you-up-to-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50443"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50443\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50444"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}