Cybercriminals are exploiting VPN users by distributing malicious applications disguised as legitimate services, Google has warned.
Millions are using virtual private networks to shield their online activity from criminals – but now Google has issued an alert, warning that fake VPNs are being used to steal personal data.
In its latest fraud and scams advisory, Google said: ‘Threat actors distribute malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy.
‘These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually-suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access.’
Once installed, these applications serve as a vehicle to deliver dangerous malware payloads including info-stealers, remote access trojans and banking trojans.
What does VPN mean?
VPN stands for virtual private network. These create a secure and encrypted connection over the internet.
They can be used to protect your personal data and hide your online activty.
VPNs work by establishing a private ‘tunnel’ between your device and a remote server, masking your IP address and scrambling your data so it’s unreadable to others.
This can include your internet service provider (ISP) or hackers on public Wi-Fi.
These exfiltrate sensitive data such as browsing history, private messages, financial credentials and cryptocurrency wallet information, Google warned.
How can I protect myself?
Android and Google Play leverage Google’s machine learning algorithms to detect potentially harmful apps.
Users can turn on Google Play Protect to help keep apps safe and data private.
Google Play Protect’s enhanced fraud protection pilot analyses and blocks automatically the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an ‘Internet-sideloading’ source (such as web browsers or messaging apps).
What is a VPN provider I can trust?
The UK consumer watchdog, Which?, has listed some of the most popular VPNs which can be purchased directly from a provider.
ExpressVPN has servers in 105 countries. Users can choose between several payment plans – including a deal that gets customers two years and four months of coverage for £4.03 per month (£112.88 for 28 months).
Nord VPN offers servers across 126 locations – with ‘over 8,000 VPN servers’ in total.
It has several plans available. The cheapest is £2.57 per month for two years.
Private Internet Access VPN costs £1.69 per month for 26 months or £5.39 per month for six months. The company has servers in 91 countries.
Meanwhile Surfshark has more than 3,000 VPN servers in 100 countries. Its cheapest of nine payment plans costs £2.59 per month for 12 months.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.