Hidden Dangers: “Free” VPN Turns Gamers into Unwitting Accomplices
Users of the popular VR game Gorilla Tag have discovered a way to circumvent the rules and gain an unfair advantage over opponents by utilizing a VPN application embedded with hidden malicious features.
Online video tutorials have emerged, detailing the process of installing a VPN on Meta virtual reality headsets. The application Big Mama VPN has become the most popular choice due to its free availability, lack of registration requirements, and, according to the video creators, its ability to introduce latency that benefits players.
However, the use of Big Mama VPN carries significant risks. Researchers at Trend Micro revealed that the application connects users’ devices to a proxy network, allowing others to utilize their internet connection for anonymous online activities. This technology, known as a residential proxy, is frequently exploited by cybercriminals for launching attacks, building botnets, and other illicit operations.
According to Trend Micro, Meta devices rank third in popularity within the Big Mama network, following Samsung and Xiaomi smartphones. Employing such applications can inadvertently transform home internet connections into tools for cyberattacks or fraudulent schemes. The developers of Gorilla Tag assert that the game incorporates mechanisms to detect suspicious activity, but the installation of third-party applications remains beyond their control.
Further investigations uncovered that the Big Mama proxy network is actively promoted on cybercriminal forums and Telegram channels. Experts from Kela identified over a thousand posts discussing its usage since 2020, with topics ranging from configuration methods to employing the network for bypassing restrictions or conducting attacks. Although representatives of Big Mama claim the service is used solely for legitimate purposes, its advertising raises serious doubts.
The Big Mama VPN website openly states that user traffic may be utilized for other purposes. Its services include data collection for price analysis, ticket purchasing, and other tasks, which, while potentially legal, can also veer into questionable territory.
Earlier, Trend Micro identified a vulnerability in the Big Mama VPN application that could have allowed attackers to access local networks of connected devices. Although the flaw was patched, experts remind users that free VPN applications often pose inherent privacy and security risks. They advise downloading apps exclusively from official stores and carefully reviewing their terms to protect personal data and devices from potential threats.