Swing VPN has been using its user base to conduct DDOS (Distributed Denial of Service) attacks on websites, treating them as an attack botnet. The app sends repeated requests containing specific data to a website in Turkmenistan, every 10 seconds. The author inspected the app’s functionality and found that it downloads configurations from Github, Google Drive, and personal servers and connects to an ad network, while not respecting privacy policies. With over 5 million installations, the app has a potential of carrying out 500,000 RPS and overwhelming the servers of smaller websites. Interestingly, there is no DDOS activity on iOS devices, as the app is programmed differently.
https://lecromee.github.io/posts/swing_vpn_ddosing_sites/