All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Google has just uncovered a serious threat to your online privacy.
The California tech firm has issued an urgent security warning about fraudulent VPN applications that are actively stealing user data while pretending to offer protection.
VPN stands for Virtual Private Network — an application that encrypts and anonymises everything you do online — bolstering your privacy, hiding your location, and stopping advertisers, trackers, and even governments from keeping tabs on you.
They're widely used by businesses to keep proprietary data safe from prying eyes. Whistle-blowers and journalists also rely on these apps to shield sensitive information. VPNs are also fast becoming an essential tool for everyone with a smartphone, laptop, desktop PC, streaming set-top box, or tablet.
However, fraudsters are using fake apps that are rapidly spreading across multiple platforms, which are targeting billions of smartphone and computer users worldwide. Instead of safeguarding your internet connection as promised, they're actually designed to compromise your security and privacy.
The malicious software poses as legitimate VPN services, often copying the names and branding of some of the best VPNs to deceive unsuspecting users into downloading them.
VPNs create an encrypted tunnel for everything you do online, keeping your personal data protected from cyber criminals, advertisers, and governments | NORDVPN PRESS OFFICE Once you install these counterfeit applications, they unleash dangerous malware onto your device. The malicious software can steal your passwords, financial credentials, and even access your cryptocurrency wallets without your knowledge.
"These apps often appear genuine and even perform basic VPN functions," explained Laurie Richardson, Google's vice president of trust and safety. "But behind the scenes, they can compromise passwords, banking details and private messages."
The fake VPNs deploy various types of malware, including info-stealers, remote access trojans and banking trojans. These programmes secretly harvest your browsing history, private communications and stored login details.
Your personal information is then transmitted to cybercriminals who can use it for identity theft, financial fraud, or sell it on the dark web.
LATEST DEVELOPMENTS
To protect yourself from these malicious applications, it's best practice to only download VPNs from official sources
| GETTY IMAGESThe timing of this warning is particularly significant as VPN usage has surged following new online safety regulations. For instance, the UK's Online Safety Act and similar US state legislation have introduced age-verification requirements for adult content websites, prompting many users to seek VPN solutions to bypass these restrictions.
Cybercriminals have recognised this opportunity and are specifically targeting vulnerable users through sexually explicit advertising.
Google said in a statement, "These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access."
If you've recently downloaded a VPN to access restricted content, you could be at particular risk from these sophisticated scams.
To protect yourself from these malicious applications, it's best practice to only download VPNs from official sources. Google recommends using verified app stores like Google Play, where applications display a VPN badge to confirm their legitimacy.
Secure the Surfshark Black Friday deal today
Surfshark charges £13.49 a month for its Surfshark One bundle on a rolling one-month basis. But if you sign-up for a two-year plan in the early Black Friday sale, that drops to just £1.59 per month. That's an incredible saving, especially considering you'll benefit from its award-winning VPN, anti-virus protection, and automatic alerts if your login details are shared on the Dark Web
Surfshark One
$13.49
$1.59
It's also best practice to avoid free VPN offers and never sideload apps from untrusted sources.
Some free or disreputable VPNs have been known to log data, sell information on your browsing habits, or expose you to malware. Paid services from well-known providers are usually more secure, offering stronger encryption protocols and privacy policies that prioritize user security.
That said, a VPN is not a foolproof solution. Always ensure that you access your bank's website through its official domain and use two-factor authentication (2FA) where possible to further safeguard your accounts.
Ms. Richardson emphasised that while VPNs can mask your IP address, they don't guarantee complete anonymity online. "A VPN can mask your IP address, but it doesn't make you invisible," she cautioned, advising users to remain sceptical of any service promising total privacy.
More From GB News