Overview
- In a November frauds-and-scams advisory, Google flagged malicious VPN apps and browser extensions that deliver info‑stealers, banking trojans and remote‑access tools.
- Some counterfeit VPNs impersonate trusted brands and use sexually suggestive ads and social engineering to lure downloads, according to Laurie Richardson, Google’s vice president of trust and safety.
- Google warned that polished fakes can slip into official app stores with fake reviews and may appear to work as basic VPNs while secretly exfiltrating browsing history, private messages, financial credentials and cryptocurrency data.
- Users are urged to install VPNs only from official stores, look for verified VPN badges, avoid free services requesting unrelated permissions, enable Google Play Protect and steer clear of sideloaded apps.
- Coverage underscored that consumer VPNs do not guarantee anonymity or comprehensive security, and rising usage linked to new online‑safety laws in the US and UK has widened the target pool for fraudsters.