This VPN Lets Anyone Access Your Internet Connection. What Could Go Wrong?
In other posts over the past year, according to Kela’s analysis, cybercrime forum users have praised Big Mama or shared tips about configurations people should use. In April of this year, security company Cisco Talos said it saw traffic from Big Mama Proxy, along with other proxies, being used by attackers trying to break into various types of companies.
Mixed Messages
Big Mama’s website gives few details about its ownership or leadership. The company’s terms of service state that an entity called BigMama SRL is registered in Romania, although the previous version of its website, from 2022, and at least one page that is live now list BigMama LLC’s legal address in Wyoming. The US-based business was dissolved in April and is now listed as defunct, according to the Wyoming Secretary of State’s website.
Someone who goes by the name Alex A responded to an email from WIRED about how Big Mama works. In the email, they said information about free users’ communications being sold to third parties through Big Mama Network is “repeated in the app’s marketplace and in the app itself several times,” and people must accept the terms to use the VPN. They say that Big Mama VPN is only legally available on the Google Play Store.
“We do not and have never advertised our services on the platforms you mentioned,” the email said. They said they were unaware of Talos’ April findings about its network being used as part of a cyberattack. “We block spam, DDOS, SSH and local network etc. We log user activity to cooperate with law enforcement agencies,” the email said.
The Alex A persona asked WIRED for more information about social media ads, details about Talos’ findings, and information about teenagers using Big Mama on Oculus devices, saying they would be “happy” to answer more questions. However, they did not respond to any further emails containing more details about the research findings and questions about their security measures, whether they believe someone is posing as Big Mama to post on cybercrime sites, Alex A’s identity, or who runs the company.
During the analysis, Trend Micro’s Hilt says, the company also discovered a security vulnerability within Big Mama VPN, which could allow a user acting as a proxy to access someone’s local network if exploited. The company says it reported the flaw to Big Mama, which fixed it within a week, information Alex A confirmed.
Ultimately, Hilt says, there are potential risks any time anyone downloads and uses a free VPN. “All free VPNs come with some privacy trade-offs or security concerns,” he said. That applies to people who sideload them to their VR headsets. “When you download apps from the Internet that are not from official stores, there is always an inherent risk that they are not what you think they are. And that even happens with Oculus devices.”