I just checked the new version 3.0.0 it still has the netas framework but now it’s doesn’t seem to be flagged as revpn in virus total anymore. Maybe they fixed it and only make you part of a botnet if you agree? I’m not sure if I would still trust it though as they opted you in regardless of what you selected in the old version.
https://app.threat.zone/submission/5d0f92fe-b6bb-4bdb-bdfc-0380346ffaf9/static-scan-report/manifest
Okay troll you know it ‘not’ flake off snow flake… 
you also can’t read when I said they fixed in 3.0
My favorite is NetMirror. it doesn’t buffer at all, netflix and prime content only ( for now )
I’m pretty sure it’s the app, it makes requests to whatever the end-user wants, so it’s never a specific page.
More references for what’s happening and how it kinda works is available here: https://www.akamai.com/blog/security-research/proxyjacking-new-campaign-cybercriminal-side-hustle
Example monetisation ad framework SDKs for Android that do this from googling around (it’s not the one they specifically use in app, but interesting to note):
I’ve since uninstalled the app, and I’m thinking of moving to an easier and much safer solution of a cheap Chromebook + uBlock Origin + wireless mouse/remote and watching videos that way (at least instead of my Firestick)
I think as long as it’s flagged as a PUAPUA (Potentially Unwanted Application), then I’d still be wary.
Its just a bit annoying that there isn’t a database mapping the names to the heuristics used to classify them.
And just realised that it still showed it as “Not-a-virus:HEUR:RiskTool.AndroidOS.Revpn.o” in the scan results you shared.
Yea I just noticed that it’s still flagged as revpn oddly virustotal cuts it off but the kaspersky site shows it so it’s definitely still there but whether it opts you in even if you select proceed with ads I’m still not sure about as I didn’t test the new version.