In other posts over the last year, according to Kela's analysis, cybercrime forum users recommended Big Mama or shared tips on configurations people should use. In April this year, security company Cisco Talos speak it has seen traffic from Big Mama Proxy, along with other proxies, being used by attackers trying to penetrate various corporate systems.
Mixed messages
Big Mama has few details about ownership or leadership on its website. The company's terms of service state that a business called BigMama SRL is registered in Romania, even though its previous version was registered. website from 2022And at least one page is active nowlists BigMama LLC's legal address in Wyoming. According to the Wyoming Secretary of State's website, the U.S.-based business was dissolved in April and is currently listed as inactive.
A user named Alex A responded to an email from WIRED about how Big Mama works. In the email, they said that information about free user connections sold to third parties through Big Mama Network “is duplicated on the app marketplace and within the app itself multiple times” and that people must accept Get terms of use. VPN. They say that the official Big Mama VPN is only available from the Google Play Store.
“We do not advertise and have never advertised our services on the forums you mentioned,” the email said. They said they were not aware of the April findings from Talos that its network was being used as part of a cyberattack. “We block spam, DDOS, SSH as well as local networks, etc. We log user activity to cooperate with law enforcement agencies,” the email said.
Alex A asked WIRED for more details about the ads on the cybercrime forum, details about Talos' findings, and information about teens using Big Mama on Oculus devices, saying They will be “happy” to answer additional questions. However, they did not respond to any further emails with additional details about the research results nor questions about their security measures, whether they believe someone is impersonating Big Mama to post on a cybercrime forum or not, the identity of Alex A or the person running the company.
During its analysis, Trend Micro's Hilt said the company also found a security vulnerability in Big Mama VPN that could allow a proxy user to access someone's local network if exploited . The company said it reported the vulnerability to Big Mama and they fixed it within a week, a detail that Alex A confirmed.
Ultimately, Hilt said, there are always potential risks whenever someone downloads and uses a free VPN. “All free VPNs come with trade-offs regarding privacy or security concerns,” he said. That applies to people who download them into their VR headsets. “If you download applications from the Internet other than from official stores, there is always an inherent risk that it is not what you think. And that's true even with Oculus devices.”