In the popular virtual reality game Gorilla Tag, players swing their arms to navigate through virtual realms while avoiding others. Some teens, however, have discovered a cheating method using a free VPN app named Big Mama, which allows them to tag opponents easily by introducing a latency advantage.
The Big Mama VPN, much to the surprise of many, also sells access to users’ home internet connections. This means that anyone purchasing this service can use a VR headset’s IP address, thus hiding their own online activities. This setup can be likened to using a residential proxy, which has become a favored tactic among cybercriminals for executing their malicious deeds.
Research conducted by Trend Micro found that many Meta VR headsets are linked to this VPN, making them the third most popular devices using the service. It is concerning that anyone using Big Mama might unknowingly contribute to its proxy network, which has drawn multiple connections to cyberattacks and other dubious online activities.
Stephen Hilt, a cybersecurity expert at Trend Micro, warns that free VPNs can expose users to privacy issues. The Big Mama VPN, while appealing due to its lack of account creation and apparent limits, can put users at grave risk if their devices are exploited. Such proxies can be used for various cyberattacks, potentially involving the user’s home IP address.
The Big Mama service operates two components: the free VPN app, which boasts over one million downloads, and the Big Mama Proxy Network. Users can buy access to "real" IP addresses. This practice is not just ethically ambiguous but often illegal in nature, as the proxies can facilitate a range of cybercrimes, including data scraping, DDoS attacks, and phishing.
Community feedback reveals that Big Mama is frequently promoted on underground forums dedicated to cybercriminal discussions, establishing a troubling relationship between the VPN service and malicious intent. Ads for Big Mama have surfaced across various platforms where cybercriminals congregate, offering anonymity through cryptocurrency payments.
The organization behind Big Mama, which states it operates under the name BigMama SRL in Romania, has avoided direct responsibility for its inappropriate use, claiming it does not advertise on illicit forums. They have insisted that users must agree to terms that disclose the potential routing of their internet traffic.
Despite these disclaimers, it remains unclear how many users fully understand the ramifications of using such services. Many may inadvertently allow their devices to be used for nefarious purposes simply by downloading an app without scrutinizing its terms and conditions. While Big Mama allegedly fixes any security vulnerabilities, as highlighted by Trend Micro, the essential warning persists: free VPNs always carry the trade-off of privacy concerns, especially when they operate outside standard practices.
As gamers continue to indulge in Gorilla Tag and other VR experiences, the implications of using such VPN services could have larger consequences beyond just gameplay, marking a significant concern in the world of cybersecurity.