VPN usage has surged since the COVID-19 pandemic because more employees are working from home than ever before. Employees rely on VPNs to connect to company systems and access company data while working remotely. In other cases, users install a VPN on their devices for privacy reasons or to circumvent censorship of material in certain regions. Cyber criminals are trying to exploit this situation by embedding malware within a VPN. While the malicious VPN is fully functional, the VPN client on the user’s device also infects the device with malicious software. Once installed, the malicious software can carry out a wide range of actions, from stealing various types of information, such as call logs and contact lists, to tracking the victim’s activity and connecting to a remote server to fetch additional commands. A significant number of free VPNs that contain malware have been identified, such as the SandStrike Android spyware.
The MVDroid method, published in the journal Neural Computing and Applications, includes a novel dataset of benign and malicious Android VPNs and an optimised deep neural network that detects malicious VPNs based on the permissions of the apps. Experimental results demonstrate that the proposed approach outperforms other machine learning classifiers in terms of accuracy and precision and can detect malicious Android VPNs.
Article: MVDroid: an android malicious VPN detector using neural networks | SpringerLink
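To make the permission-based approach concrete, the following added example (not code from the paper or its authors) shows the input stage such a detector needs: reading the requested permissions from a decoded `AndroidManifest.xml` and turning them into a binary feature vector. The permission vocabulary, the function names and the sample manifest are assumptions made for illustration; the triage check flags VPN apps that request access to the call logs and contact lists mentioned above.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed feature vocabulary; the paper's own permission list is not given on this page.
VOCAB = [P + n for n in ("INTERNET", "ACCESS_NETWORK_STATE", "FOREGROUND_SERVICE",
                         "READ_CALL_LOG", "READ_CONTACTS", "READ_SMS", "RECORD_AUDIO")]
# Permissions guarding the data types the article names (call logs, contact lists).
DATA_ACCESS = {P + "READ_CALL_LOG", P + "READ_CONTACTS"}

# Constructed sample manifest (text form), not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructedvpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permissions the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    # uses-permission-sdk-23 requests are easy to miss and count the same.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def declares_vpn_service(manifest_xml):
    """True if a service is guarded by BIND_VPN_SERVICE, as a VpnService must be."""
    root = ET.fromstring(manifest_xml)
    return any(s.get(ANDROID_NS + "permission") == P + "BIND_VPN_SERVICE"
               for s in root.iter("service"))

def feature_vector(perms):
    """Binary vector over VOCAB, the kind of input a permission-based classifier takes."""
    return [1 if p in perms else 0 for p in VOCAB]

def review_flags(manifest_xml):
    """For VPN apps only: requested permissions that reach call logs or contacts."""
    if not declares_vpn_service(manifest_xml):
        return []
    return sorted(requested_permissions(manifest_xml) & DATA_ACCESS)
```

A flagged permission is a reason for closer review rather than a verdict; in the approach described above, the classification itself comes from a model trained on labelled benign and malicious samples.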