The VPN provider Swing VPN finds itself in hot water as it faces accusations of executing distributed denial-of-service (DDoS) attacks via users’ smartphones. A security researcher stumbled upon suspicious traffic occurring through the VPN app, triggering the investigation.
The researcher observed requests being sent to a website that the user had never visited before. These requests contained data that put significant load on the targeted site. Notably, these requests were being sent every ten seconds.
To determine its targets, the app downloads a configuration file, and the evidence suggested that organizations primarily in Turkmenistan were the targets. The observed behavior is exclusive to the Android version of the app and is not present in the iOS version. The “Swing VPN – Fast VPN Proxy” app for Android, with over five million downloads, is surprisingly listed under a different name in the Apple App Store compared to the Google Play Store.
