Google has released a new advisory warning users about a rise in fraudulent VPN apps and extensions that are being used to collect sensitive information. The company says cybercriminals are increasingly disguising harmful software as VPN tools, and users seeking free privacy solutions face the highest risk.
Google warns users about rising VPN-related scams and outlines key threats and safety steps to avoid them.(Pexels)
Google has noted a consistent rise in interest in VPN services. However, many users download potentially unsafe tools without verifying their credibility. According to recent findings, several free VPNs log user data, include trackers, or manipulate reviews to get visibility. Google’s advisory shows that organised scam groups are now exploiting these trends through widespread malware campaigns.
Also read: Google Drive can now turn your long PDFs into podcast-style audio summaries: Here’s how
What Google is warning about
The advisory states that bad actors are spreading fake VPN apps across app stores and other platforms. These apps often imitate well-known VPN brands, use misleading promotions, or tie their marketing to high-interest events to convince users to download them.
Once installed, these apps can deploy malware such as information-stealers, remote access tools, and banking trojans. Attackers may then access browsing data, private messages, financial details, and cryptocurrency wallet information.
Also read: Samsung Galaxy Z TriFold key specs and features tipped online ahead of launch
Google says Android and Google Play use machine-learning models to detect harmful apps. Users can activate Google Play Protect for real-time scanning. The company has also introduced a system that blocks high-risk apps when users try to sideload them through browsers or messaging services.
How to Identify a Malicious VPN
Google lists several red flags that often appear in malicious VPNs. These include:
Requests for permissions unrelated to VPN functionsUsing pushy or misleading ads to drive downloadsTracking user activity or selling dataUnclear privacy policiesNo verified audits or company informationInstalling malware while claiming to offer secure browsing
According to industry reports, many free VPNs may embed trackers or sell user data. Fake reviews also remain prevalent, which makes unreliable apps appear credible.
Also read: ChatGPT private chats leaked on Google Search: Here’s how to protect your privacy
Other Scams highlighted in Google’s Advisory
The advisory also warns about five other scam types:
Online job scams: Fraudsters pose as employers or agencies to steal personal or financial information, often by directing applicants to download files.Negative review extortion: Scammers post fake reviews to pressure businesses into paying for the attacks to stop.AI tool impersonation: Criminals create fake AI apps, extensions, or sites that deliver malware or costly subscriptions.Fraud recovery scams: Victims of earlier scams are approached by individuals claiming to help recover lost money in exchange for upfront fees.
Seasonal holiday scams: Fake shops, deceptive ads, and phishing attempts surge during shopping seasons, including Black Friday and Cyber Monday.