- Google’s latest fraud advisory identified malicious VPNs as a growing threat
- Scammers disguise malware as legitimate VPN apps to steal users’ data
- Google encourages users to only download VPNs from official sources
Digital privacy is a growing concern these days, with millions turning to virtual private networks to protect their online activity.
But in a stark new warning, Google has confirmed that cybercriminals are exploiting this need for security by distributing malicious applications disguised as legitimate VPN services. This creates a dangerous situation where a tool meant to be a shield is actually a weapon used to steal sensitive user data.
The warning was issued as part of Google’s Fraud and Fraud Advisory from November 2025, which outlines the latest trends in online threats. In addition to warnings about AI-powered job scams and holiday-themed phishing schemes, the guidance specifically highlights the danger of fraudulent VPN apps and browser extensions.
The Big Tech giant warns that threat actors impersonate trusted VPN brands or use enticing advertisements to trick users into installing software secretly packed with malware. For users trying to find the best VPN for their needs, this makes the selection process more critical than ever.
The irony is stark and troubling: in the pursuit of privacy, users may inadvertently download apps that perform the ultimate invasion of privacy.
Once installed, these malicious applications can deliver dangerous payloads, including info stealers, banking Trojans, and remote access tools that completely compromise a user’s security.
The effectiveness of this scam lies in the abuse of trust. Users are conditioned to see a virtual private network (VPN) as a solution, not a threat.
Criminal ecosystems take advantage of this by creating apps that look and feel legitimate, often getting them listed in official app stores and picking up fake reviews to appear credible. But behind the friendly interface, these apps are designed to betray the user.
According to Google’s advisory, these fake VPNs can wipe out a treasure trove of sensitive information, including your browsing history, private messages, financial credentials and even cryptocurrency wallet details.
This is not just a theoretical risk. Previous security incidents have exposed free VPNs that secretly spied on their users or had hidden ties to state actors. In one case, a popular free Chrome VPN extension with over 100,000 downloads was caught taking screenshots of every website its users visited, including banking portals and private photo albums.
The lure of free services is a big part of the problem. While a recent TechRadar survey found that nearly one in four readers use free VPNs, many of these services carry significant risks.
Threat actors know that users are attracted to free or cheap downloads that promise to “just work”, and they use this to their advantage by turning a user’s device into a node in a criminal network.
How to protect yourself from fake VPNs
With criminals actively targeting privacy-conscious users, choosing a secure VPN requires care. Google’s primary advice is to only download VPN apps from official sourceslike the Google Play Store, and to look for apps that have an official “VPN” badge.
However, these measures alone are not exactly bulletproof. For example, the malicious Chrome VPN extension was among the risky VPNs that mistakenly managed to obtain Google’s security badges.
The users should then be deeply skeptical of any VPN offer that sounds too good to be trueespecially free services that promise unlimited access with no catch. It is crucial that examine the permissions an app requests upon installation; a VPN should not need access to your contacts, photos or private messages.
In the end, the safest choice is to trust well-established, reputable VPN providers which has a transparent business model and a history of independent security audits. While some freemium VPNs from trusted brands are secure, a premium service is a small price to pay for the security that the tool you use to protect your privacy isn’t secretly destroying it.
According to TechRadar’s independent tests, Proton VPN Free, PrivadoVPN Free and Windscribe Free are currently the best free VPNs in terms of security, privacy and performance.
However, if you are willing to invest some money, ongoing Black Friday VPN deals make now the most convenient time to upgrade. Among the services offered are also TechRadar’s top picks, NordVPN…
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
