Google has issued an urgent warning about malicious applications disguised as legitimate virtual private network (VPN) services. These fraudulent apps pose significant security risks to users worldwide, designed to steal personal data including browsing history, financial credentials, and cryptocurrency wallet information.
The tech giant revealed the threat in its latest fraud and scams advisory. According to Google: «Threat actors distribute malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy.»
The warning comes as millions of users rely on VPNs to protect their online activity, making them an attractive target for cybercriminals. VPNs typically create secure, encrypted connections to mask IP addresses and protect personal data, but fake versions exploit this trust to deliver malware including info-stealers, remote access trojans, and banking trojans.
How attackers operate
Cybercriminals use sophisticated tactics to lure victims. Google stated: «These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually-suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access.»
Users can protect themselves by enabling Google Play Protect, which offers enhanced fraud protection. The pilot program analyzes and blocks installations of apps that may abuse sensitive permissions for financial fraud, particularly when downloaded from sources outside official app stores.
Note: This article was created with Artificial Intelligence (AI).
