All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Google has just uncovered a serious threat to your online privacy.
The California tech company has issued an urgent security warning about fraudulent VPN apps that are actively stealing data from the gadgets they claim to protect. VPN stands for Virtual Private Network — an application that encrypts and anonymises everything you do online. It bolsters your privacy, hides your location, and stops advertisers, trackers, and even governments from keeping tabs on your online activity.
They're widely used by businesses to keep proprietary data safe from prying eyes. Whistle-blowers and journalists also rely on these apps to shield sensitive information. VPNs are also fast becoming an essential tool for everyone with a smartphone, laptop, desktop PC, streaming set-top box, or tablet.
With the surge in popularity, scammers have seized upon the opportunity — something Google wants millions worldwide to avoid.
GB News viewers can unlock 4 months of ExpressVPN for FREE
Protect your money and your identity online. Block the scammers.
Get ExpressVPN right now. This award-winning VPN uses military-grade encryption to secure everything you do online across iPhone, Android, Linux, Windows, Mac, Fire TV, and dozens more.
GB News viewers can save up to 73% and unlock an extra 4 months free.
ExpressVPN
$9.85
$2.65
However, fraudsters are using fake apps that are rapidly spreading across multiple platforms, which are targeting billions of smartphone and computer users worldwide. Instead of safeguarding your internet connection as promised, they're actually designed to compromise your security and privacy.
The malicious software poses as legitimate VPN services, often copying the names and branding of some of the best VPNs to deceive unsuspecting users into downloading them.
VPNs create an encrypted tunnel for everything you do online, keeping your personal data protected from cyber criminals, advertisers, and governments | NORDVPN PRESS OFFICE Once you install these counterfeit applications, they unleash dangerous malware onto your device. The malicious software can steal your passwords, financial credentials, and even access your cryptocurrency wallets without your knowledge.
"These apps often appear genuine and even perform basic VPN functions," explained Laurie Richardson, Google's vice president of trust and safety. "But behind the scenes, they can compromise passwords, banking details and private messages."
The fake VPNs deploy various types of malware, including info-stealers, remote access trojans and banking trojans. These programmes secretly harvest your browsing history, private communications and stored login details.
Your personal information is then transmitted to cybercriminals who can use it for identity theft, financial fraud, or sell it on the dark web.
LATEST DEVELOPMENTS
The timing of this warning is particularly significant as VPN usage has surged following new online safety regulations.
For example, the UK's Online Safety Act and similar US state legislation have introduced age-verification requirements for adult content websites, prompting many users to seek VPN solutions to bypass these restrictions.
Cybercriminals have recognised this opportunity and are specifically targeting vulnerable users through sexually explicit advertising.
If you want to install a VPN on your device to secure your browsing, make sure to stick with the most trusted brands. ExpressVPN has earned dozens of awards from industry publications like Techradar and Cnet. But it's not the only widely-recognised VPN service, with NordVPN also earning a truckload of industry plaudits. Surfshark is another popular choice, especially for those on a tighter budget.
To protect yourself from these malicious applications, it's best practice to only download VPNs from official sources
| GETTY IMAGESGoogle said in a statement, "These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access."
If you've recently downloaded a VPN to access restricted content, you could be at particular risk from these sophisticated scams.
To protect yourself from these malicious applications, it's best practice to only download VPNs from official sources. Google recommends using verified app stores like Google Play, where applications display a VPN badge to confirm their legitimacy.
VPNs work by encrypting all of your online traffic before it's sent over the internet. This prevents your ISP, advertisers, hackers, and fraudsters from tracking your online activity, stealing your personal data, or placing restrictions on you
| SURFSHARK PRESS OFFICEIt's also best practice to avoid free VPN offers and never sideload apps from untrusted sources.
Some free or disreputable VPNs have been known to log data, sell information on your browsing habits, or expose you to malware. Paid services from well-known providers are usually more secure, offering stronger encryption protocols and privacy policies that prioritize user security.
That said, a VPN is not a foolproof solution. Always ensure that you access your bank's website through its official domain and use two-factor authentication (2FA) where possible to further safeguard your accounts.
Ms. Richardson emphasised that while VPNs can mask your IP address, they don't guarantee complete anonymity online. "A VPN can mask your IP address, but it doesn't make you invisible," she cautioned, advising users to remain sceptical of any service promising total privacy.
More From GB News