Overview
- Google’s November advisory flags counterfeit VPN apps and extensions that deliver info‑stealers, remote‑access trojans and banking trojans capable of siphoning browsing history, private messages, financial credentials and cryptocurrency data.
- Attackers are leveraging surging VPN demand tied to recent online‑safety laws by impersonating trusted brands and using sexually suggestive ads and other social‑engineering lures.
- Some fraudulent apps can reach official stores by leaning on fake reviews and polished designs that make them appear legitimate.
- Google’s guidance urges downloading only from official sources, checking for the VPN verification badge on Google Play, avoiding sideloading and “free” offers, and rejecting VPNs that request unnecessary permissions.
- Platform defenses include Google Play Protect’s enhanced fraud protection pilot, which can block sideloaded apps seeking sensitive permissions. Google also reiterates that consumer VPNs are not a complete privacy solution.