edit: please see comments for more informed insights.

I am currently investigating and reverse engineering free VPNs for a master's thesis, and just came across something I thought I’d share. The VPN in this case is 1clickvpn.net, not .com!

I’m sharing this as a warning to never use free VPNs! They are most often the opposite of what they promise to be (by free I do not mean the free versions of premium services). But either way, be careful about your VPN choice, as they have access to a lot of sensitive data. I’m sure most peeps here know of this already, but next time you hear of someone using a free VPN, let them know…

This first image/code was sitting inside a file called NetworkModule, with some hella weird external links.

  1. addrDOTcx, seems to have been linked to malware? Comes up flagged as malicious a few times on VirusTotal.
  2. freevpnDOTzone, seems to be another free possible malicious VPN service, might investigate this one later.
  3. bigbrolookDOTcom, seems to no longer be a registered domain. But wtf? Was this VPN service linked to p*rn??
IMAGE HERE; Don't visit these links unless you know what you're doing.

Furthermore, there is this interesting find. Now, I am no expert coder, frankly quite the amateur. But does the below code really mean what I think it does? Seems like it could be creating a fake connection? This is more or less normal behaviour, it seems; considering it is a local address, it is probably used for testing purposes or for making the app not crash if a connection can't be established. It is used once here:

Stay safe 🌻

  • BearOfaTime@lemm.ee
    9 months ago

    Keep in mind the client doesn’t have to do anything malicious, since it’s their encryption - they could easily examine your traffic while it’s on their infrastructure.

    A third-party VPN like this requires a high degree of trust.

    • Possibly linux
      9 months ago

      I believe it is easier to pull a man-in-the-middle attack from the client.

    • Sips'@slrpnk.net (OP)
      9 months ago

      Yeah! This VPN, for instance, has their own proprietary protocol too…