According to Kela analysis, cybercrime forum users have recommended Big Mama in other posts over the past year or given tips on the configurations users should use. In April of this year, security company Cisco Talos said Big Mama proxy traffic was found to be used along with other proxies by attackers attempting to brute force into various corporate systems.
Mixed messages
Big Mama provides few details about its ownership or leadership on its website. The company’s terms of service state that a company called BigMama SRL is registered in Romania, although there is an earlier version of it Website from 2022And now at least one live pagelists a legal address for BigMama LLC in Wyoming. The U.S.-based company was dissolved in April and is now considered inactive, according to the Wyoming Secretary of State’s website.
A person named Alex A responded to an email from WIRED about how Big Mama works. The email states that information about free user connections sold to third parties through the Big Mama Network is “duplicated several times in the app market and in the application itself” and that users must accept the terms of use of the VPN. They say that Big Mama VPN is officially only available on the Google Play Store.
“We do not advertise and have never advertised our services in the forums you mentioned,” the email said. They say they were unaware of Talos’ April findings about its network being used in a cyberattack. “We block spam, DDOS, SSH, as well as local networks, etc. We log user activity to cooperate with law enforcement,” the email said.
The Alex A personality asked WIRED to send her more details about the ads on cybercrime forums, details about the Talos results, and information about teenagers using Big Mama on Oculus devices, saying they would be happy to ask more questions answer. However, they did not respond to further emails with further details about the research and questions about their security measures, whether they believe someone is impersonating Big Mama to post on cybercrime forums, the identity of Alex A, or the person who who runs the company.
Trend Micro’s Hilt said in its analysis that the company also found a security flaw in Big Mama VPN that, if exploited, could have allowed a proxy user to access someone else’s local network. The company said it reported the bug to Big Mama, which fixed it within a week, a detail that Alex A confirmed.
Ultimately, Hilt says, there are potential risks whenever someone downloads and uses a free VPN. “All free VPNs come with a trade-off between privacy and security concerns,” he says. This applies to people who sideload them onto their VR headsets. “When you download applications from the Internet that are not from the official stores, there is always the risk that they will not be what you expected. And that also applies to Oculus devices.”
