Particle.news
Download on the App Store
6 ARTICLES
·
3h ago

FreeVPN.One Chrome Extension Flagged for Covert Screenshot Spying Remains on Web Store

Koi Security reports July builds added silent screenshotting that merits immediate removal by users.

An image about When a 'free' VPN costs you dearly: Security experts warn popular Chrome extension spies on you
blank
Image
Image

Overview

  • Researchers say the extension silently captures a screenshot of every page about a second after load and uploads it to developer-controlled servers with the URL, tab ID, and a unique user identifier.
  • The shift followed an April update that granted access to all sites, with July versions introducing automatic background screenshotting via Chrome’s captureVisibleTab API.
  • Koi Security reports later July updates added obfuscation, AES‑256 encryption with RSA key wrapping, and a switch from aitd.one to scan.aitd.one to make detection harder.
  • FreeVPN.One lists over 100,000 installs and carried Verified and Featured badges on the Chrome Web Store, and as of publication it remained available while Google had not announced enforcement action.
  • The developer describes the behavior as background scanning for suspicious domains, but researchers observed screenshots on trusted services and advise users to uninstall, change passwords, and run security scans.