Recent analyses indicate that users of cybercrime forums have been discussing and recommending the “Big Mama” proxy service over the past year. Notably, in April, Cisco Talos, a cybersecurity division of Cisco, reported seeing traffic from Big Mama Proxy, among other proxies, used by attackers trying to brute-force access to various corporate systems. This activity underscores the growing concern regarding the use of such proxies in cyber operations.
Interestingly, Big Mama’s website provides limited information on its ownership and governance. Its terms of service list a registered Romanian entity named BigMama SRL; however, earlier versions of the website, along with some current pages, indicate that BigMama LLC was registered in Wyoming, USA. According to the Wyoming Secretary of State, this US business has since been dissolved and is listed as inactive.
In response to inquiries from WIRED regarding operational practices, an individual identifying as Alex A stated that information about data sharing with third parties is prominently displayed within the application and on relevant platforms. Users of the Big Mama VPN must accept these terms prior to usage, making it clear that the service is primarily available through the Google Play Store.
Alex A asserted that the company has never promoted its services on the aforementioned cybercrime forums and said they were unaware of the Cisco Talos findings linking the network to cyberattacks. Furthermore, the individual declared that the company takes measures to block spam, DDoS attacks, and unauthorized SSH access, while logging user activity in cooperation with law enforcement.
Despite agreeing to further communication regarding the cybercrime forums and the Talos report, Alex A did not respond to additional requests for information concerning security protocols, the identity behind the persona, or details about company operations. This lack of transparency raises red flags about accountability within the organization.
Adding to the concerns, Trend Micro’s Hilt highlighted a security vulnerability within the Big Mama VPN that could allow unauthorized access to a user’s local network. The company reportedly addressed this flaw swiftly after Trend Micro’s notification, as confirmed by Alex A.
Security experts caution that using free VPN services such as Big Mama inherently comes with privacy and security risks. Downloading applications from unofficial sources increases the likelihood of encountering malicious software, underscoring the importance of vigilance when accessing these tools, particularly on devices like VR headsets.
Ultimately, the discussions surrounding Big Mama and its recurring mention in cybercrime activities serve as a reminder to businesses about the potential vulnerabilities in using free VPN services. In terms of the MITRE ATT&CK framework, attackers leveraging such proxies may have employed tactics such as Initial Access and Privilege Escalation, highlighting the critical need for businesses to thoroughly evaluate the security implications of their software choices.