N1b You're by far not the only one wondering whether using a no longer supported device is that bad.
This just in (emphasis is mine):
Thousands of phones and routers swept into proxy service, unbeknownst to users (Ars Technica)
[.…]
The researchers don’t know if the 190,000 nodes comprising Asock at its peak were made up exclusively of infected Android devices or if they included other types of devices compromised through other means. Either way, the number indicates the popularity of anonymous proxies.
People who want to prevent their devices from being drafted into such networks should take a few precautions. The first is to resist the temptation to keep using devices once they’re no longer supported by the manufacturer. Most of the devices swept into TheMoon, for instance, have reached end-of-life status, meaning they no longer receive security updates.
[...]
Running one application, from a highly-vetted source, on an old device holding no private data, with the device disconnected from the Internet, may not pose a significant threat. In the other direction, downloading a fresh app or two every day from one of three app stores onto a "daily driver" phone that is post-support, with high-speed network access, on the grounds that the phone still appears to work fine, may well pose a threat.