As the demand for Virtual Private Networks (VPNs) rises, so does the threat of fake VPN apps designed to steal user data. Security researchers reported a 2½ times increase in users encountering fake VPN apps globally in the third quarter of 2024 compared to the previous quarter. These malicious apps often masquerade as legitimate VPN services but are, in fact, malware or programs used by cybercriminals.
The Rise of Fake VPN Apps
According to Kaspersky, cybercriminals exploit users seeking free VPN services. In May 2024, authorities dismantled a botnet known as 911 S5, which comprised hijacked devices, including several free VPN services like MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN.
When users installed these VPN apps, their devices were converted into proxy servers, redirecting internet traffic without their knowledge. This extensive network spanned 19 million unique IP addresses across over 190 countries, possibly making it the largest botnet ever created. The operators sold access to these infected devices to other criminals for cyberattacks, money laundering, and fraud.
Why Free VPN Apps are Risky
Users are cautioned against using free VPN apps due to several risks:
Data Sharing: Many free VPNs share user data with third parties.
Weak Encryption: About 36% of free VPNs use weak encryption, compromising online security.
Data Leaks: Nearly 90% of free VPNs leak some data, with 17% leaking more than they should.
Unreliable Connections: More than half of free VPNs have unstable connections.
Excessive Permissions: Almost 70% request permissions they shouldn’t need, like tracking location (20%) or checking installed apps (46%).
Why Users Fall for Fake VPNs
The demand for VPN apps is growing across platforms. Users often assume that VPN apps available in official stores like Google Play are safe. They’re particularly drawn to free services, thinking they offer a great deal, but this can often lead to traps set by cybercriminals.
Protecting Your Data
To ensure your data is secure, use trusted and reputable VPN services, even if they are not free. Opt for VPNs that are reviewed by mainstream sites and backed by solid recommendations. For example, my expert reviews highlight the best VPNs for browsing the web privately on Windows, Mac, Android, and iOS devices.
Tips to Stay Safe:
Stick to Official App Stores: Download apps from trusted platforms like the App Store for iOS or Google Play Store for Android. These stores have built-in security measures to detect and remove harmful apps. Even on official stores, check the app’s reviews, ratings, and download count to ensure trustworthiness.
Pay Attention to App Permissions: Be careful about the permissions you grant during app installation. Question any permission that doesn’t align with the app’s functionality. Both iOS and Android allow you to review and manage app permissions in settings, so double-check what you’ve already allowed.
By following these guidelines, users can protect their data and privacy from the rising threat of fake VPN apps.