In other posts during the last year, according to the Kela analysis, cybercrime forum engagers have recommfinished Big Mama or spreadd tips about the configurations people should engage. In April this year, security company Cisco Talos shelp it had seen traffic from the Big Mama Proxy, alengthyside other proxies, being engaged by strikeers trying to brute force their way into a variety of company systems.
Mixed Messages
Big Mama has scant details about its ownership or directership on its website. The company’s terms of service say that a business called BigMama SRL is sign uped in Romania, although a previous version of its website from 2022, and at least one inhabit page now, enumerates a legitimate compriseress for BigMama LLC in Wyoming. The US-based business was disrepaird in April and is now enumerateed as inactive, according to the Wyoming Secretary of State’s website.
A person using the name Alex A reacted to an email from WIRED about how Big Mama runs. In the email, they say that directation about free engagers’ connections being sanciaccess to third parties thraw the Big Mama Nettoil is “duplicated on the app taget and in the application itself cut offal times,” and people have to hug the terms of conditions to engage the VPN. They say the Big Mama VPN is officiassociate only useable from the Google Play Store.
“We do not publicize and have never publicized our services on the forums you have alludeed,” the email says. They say they were not directed of the April discoverings from Talos about its nettoil being engaged as part of a cyberstrike. “We do block spam, DDOS, SSH as well as local nettoil etc. We log engager activity to corun with law executement agencies,” the email says.
The Alex A persona asked WIRED to sfinish it more details about the adverts on cybercrime forums, details about the Talos discoverings, and directation about teenagers using Big Mama on Oculus devices, saying they would be “satisfied” to answer further inquires. However, they did not react to any further emails with compriseitional details about the research discoverings and inquires about their security meacertains, whether they consent someone was impersonating Big Mama to post on cybercrime forums, the identity of Alex A, or who runs the company.
During its analysis, Trfinish Micro’s Hilt says that the company also set up a security vulnerability wiskinny the Big Mama VPN, which could have apvalidateed a proxy engager to access someone’s local nettoil if take advantage ofed. The company says it inestablished the flaw to Big Mama, which repaired it wiskinny a week, a detail Alex A validateed.
Ultimately, Hilt says, there are potential dangers whenever anyone downloads and engages a free VPN. “All free VPNs come with a trade-off of privacy or security worrys,” he says. That applies to people side-loading them onto their VR headsets. “If you’re downloading applications from the internet that aren’t from the official stores, there’s always the inherent danger that it isn’t what you skinnyk it is. And that comes real even with Oculus devices.”
