
 

     

Shining a Light on the Risks of HolaVPN and Luminati

By Trend Micro Team

December 19, 2018

What would happen if a VPN doesn't do what it's intended to do, which is to deliver an anonymous and secure way for users to go online? This is what we sought to uncover in our research on HolaVPN and its sister company Luminati.

Virtual Private Networks (VPNs) were created for a reason: secure internet access. As the threat landscape continues to shift over the years, the reasons to use one keep growing. In a digital world riddled with privacy risks, data insecurity, and government restrictions and surveillance, VPNs serve as the internet user's shield. After all, VPN services promise data encryption and anonymity. Through a VPN, a user can cloak his or her IP address and even sensitive financial data.

But what if it is actually this shield that is hiding something from users? This is what we sought to uncover in our research on an unsafe VPN.

The Indicators of an Unsafe VPN

An unsafe VPN doesn't do what it's intended to do, which is to deliver an anonymous and secure way for users to go online.

VPNs that are infected with malware are one example. In 2017, researchers from Australia, the U.K., and the U.S. studied 234 VPN applications available on the Google Play Store. They discovered that more than a third of these apps used malware to track users' online behavior.

There are also VPNs that leak IP addresses. In March 2018, a security researcher found that 17 out of 83 tested VPN clients leaked users' IP addresses via their browsers. One of the 17 VPNs listed is HolaVPN, a popular VPN service by Hola Networks Ltd., which had also been observed stealing users' bandwidth. It has been installed on millions of computers worldwide; users of its Google Chrome extension alone exceed 8 million.

Shedding Light on HolaVPN and Luminati

The HolaVPN software is being marketed as a community VPN, meaning it claims to enable users to share their internet connections with other users in different parts of the globe. The goal? For users to access websites without fear of censorship and surveillance.

In 2015, 8chan was on the receiving end of a spam attack that rendered its website unusable for a few minutes. The attack, which was initiated by a popular spammer called "Bui," helped expose how HolaVPN is selling its users as exit nodes via its sister company Luminati. Up until recently, Luminati's use of HolaVPN exit nodes has been vague. What's clear is that Luminati's residential proxy network could attract unsavory users, threat actors that could abuse it for cybercriminal activity.

To gain a better understanding of how Luminati works, we wanted to get a detailed analysis of Luminati's web traffic. The research data included 100 million URLs that were anonymously scanned through Trend Micro software.

Breakdown of Luminati Traffic


 

The study revealed that more than 85 percent of the traffic in the dataset was directed to mobile advertisements and other mobile-related domains and programs, an indication that cybercriminals could use the service for large-scale click fraud schemes. We have also found a link to the former KlikVip actors and websites with traffic routed through Luminati.

The Consequences of Using an Unsafe VPN

VPNs are helpful in keeping online activity secure. But using the wrong VPN can put a user and a user's machine at risk. This is true for HolaVPN users, especially in the corporate setting.

Our findings reveal that a user's machine, once the free HolaVPN is installed on it, will become one of Luminati's exit nodes. If the user's machine happens to be part of a corporate network, its being an exit node may provide unknown third parties possible entry to company systems. HolaVPN could enable attackers to circumvent corporate firewalls and allow them to explore the internal network of a company for nefarious purposes.

Aside from this, HolaVPN users' bandwidth is being sold via Luminati and could end up being part of botnet activity facilitated by the network. It could also enable cybercriminals to perform different illegal or unauthorized activities on users' machines. These and more make a strong case for doing diligent research before installing any VPN software.

In our research paper titled "Illuminating HolaVPN and the Dangers It Poses," we demonstrate how HolaVPN and Luminati are being abused by cybercriminals for a variety of schemes and provide an in-depth look at how unsafe VPNs can put internet users and enterprise systems at risk.
