While VPNs are widely used to protect digital identity, cybercriminals are exploiting this trust by creating apps that appear genuine but secretly contain malware designed to steal data.
In its latest November 2025 fraud and scam advisory, Google highlights that threat actors are disguising malware as VPN apps and browser extensions, often imitating popular brands and using attractive advertisements to lure users.
These fake VPNs often function as advertised on the surface, but secretly install harmful software, such as info-stealers, banking trojans, or remote access tools.
The risk is high because many users install these deceptive VPNs believing they will protect their anonymity and secure their online activity.
Google warns that even official app stores are not completely safe from such fraudulent applications.
To stay protected, users are advised to download VPNs only from trusted sources, such as the official Google Play Store, and look for apps displaying a verified “VPN” badge.
Additionally, users must always cross-verify the permissions needed by these apps. If an app requests permissions unrelated to its intended purpose, it’s best to uninstall it.
A genuine VPN service doesn’t need access to your contacts, photos, and messages. To be extra cautious, avoid installing VPN apps from third-party sources.
Google also requests that users enable Play Protect and use the related alerts in Android that flag dangerous apps and permissions.
No comments:
Post a Comment