Shining a Light on the Risks of HolaVPN and Luminati

What would happen if a VPN doesn’t do what it’s intended to do — which is to deliver an anonymous and secure way for users to go online? This is what we sought to uncover in our research on HolaVPN and its sister company Luminati.

Illuminating HolaVPN and the Dangers It Poses View Illuminating HolaVPN and the Dangers It Poses

Virtual Private Networks (VPNs) were created for a reason: secure internet access. And as the threat landscape continues to shift as the years progress, the reasons also increasingly grow. In a digital world riddled with privacy risks, data insecurity, and government restrictions and surveillance, VPNs serve as the internet user’s shield. After all, VPN services promise data encryption and anonymity. Through a VPN, a user can cloak his or her IP address and even sensitive financial data.

But what if it is actually this shield that is hiding something from users? This is what we sought to uncover in our research on an unsafe VPN.

The Indicators of an Unsafe VPN

An unsafe VPN doesn’t do what it’s intended to do — which is to deliver an anonymous and secure way for users to go online.

VPNs that are infected with malware is one example. In 2017, researchers from Australia, the U.K., and the U.S. studied 234 VPN applications available on the Google Play Store. They discovered that more than a third of these apps used malware to track users’ online behavior.

There are also VPNs that leak IP addresses. In March 2018, a security researcher found that 17 out of 83 tested VPN clients leaked users’ IP addresses via their browsers. One of the 17 VPNs listed is HolaVPN, a popular VPN service by Hola Networks Ltd., which had also been observed stealing users’ bandwidth. It has been installed on millions of computers worldwide — users of its Google Chrome extension alone exceed 8 million.

Shedding Light on HolaVPN and Luminati

The HolaVPN software is being marketed as a community VPN, meaning it claims to enable users to share their internet connections with other users in different parts of the globe. The goal? For users to access websites without fear of censorship and surveillance.

In 2015, 8chan was on the receiving end of a spam attack that rendered its website unusable for a few minutes. The attack, which was initiated by a popular spammer called “Bui,” helped expose how HolaVPN is selling its users as exit nodes via its sister company Luminati. Up until recently, Luminati’s use of HolaVPN exit nodes has been vague. What’s clear is that Luminati’s residential proxy network could attract unsavory users, threat actors that could abuse it for cybercriminal activity.

To gain a better understanding of how Luminati works, we wanted to get a detailed analysis of Luminati’s web traffic. The research data included 100 million URLs that were anonymously scanned through Trend Micro software.

Breakdown of Luminati Traffic

The study revealed that more than 85 percent of the traffic in the dataset was directed to mobile advertisements and other mobile-related domains and programs — an indication that cybercriminals could use the service for large-scale click fraud schemes. We have also found a link to the former KlikVip actors and websites with traffic routed through Luminati.   

The Consequences of Using an Unsafe VPN

VPNs are helpful in keeping online activity secure. But using the wrong VPN can put a user and a user’s machine at risk. This is true for HolaVPN users, especially in the corporate setting.

Our findings reveal that a user’s machine, once installed with the free HolaVPN, will become one of Luminati’s exit nodes. If the user’s machine happens to be part of a corporate network, its being an exit node may provide unknown third parties possible entry to company systems. HolaVPN could enable attackers to circumvent corporate firewalls and allow them to explore the internal network of a company for nefarious purposes.

Aside from this, HolaVPN users’ bandwidths are being sold via Luminati and could end up being part of botnet activity facilitated by the network. It could also enable cybercriminals to perform different illegal or unauthorized activities on users’ machines. These and more make for a strong case for doing diligent research before installing any VPN software.

In our research paper titled “Illuminating HolaVPN and the Dangers It Poses,” we demonstrate how HolaVPN and Luminati are being abused by cybercriminals for a variety of schemes and provide an in-depth look at how unsafe VPNs can put internet users and enterprise systems at risk.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.