- The malicious group of Vextrio Viper developed and shared a number of fake apps through the Legit App stores reveals new research
- Malicious applications include VPNs, ad blockers, RAM cleaning funds and even online dating services
- VEXTRIO VIPER employs traffic distribution systems (TDSS) to spread malware and other online scams since at least 2015
Whether you download your VPN app via Google Play or Apple App Store, there is still a chance that it may be a malicious app developed by Vextrio Viper.
In a comprehensive report, researchers at InfoBlox Threat Intel revealed how the fake Adtech group published a number of applications in official app stores-from Virtual Private Network (VPN) and ad-blockers for RAM cleaning agents and even online dating services.
Given being active since 2015, Vextrio is a complex criminal company involving more companies and using traffic distribution systems (TDSS) to spread malware and other online fraud.
At least seven security apps affected
“They released apps under several developer names, including Holacode, Locomind, Hugmi, Klover Group and AlphaScale Media. […] Available in the Google Play and the Apple stores, these have been downloaded millions of times overall, ā€¯InfoBlox explained to Hacker News.
Specifically, at least seven applications to offer security tools were developed by Locomind, which by 2024 claimed over 500,000 downloads and 50,000 active users for their apps.
These include various VPN services, such as Fixed VPN -Super Proxy and other tool applications, such as RAM cleaning agents.
Once users have installed these applications on their devices, they are bombarded with intrusive ads and ask to sign up for misleading subscriptions.
The team at InfoBlox Threat Intel has tracked Vextrio’s malicious activities since 2022 and published various reports over the years.
Among these, in June 2025, researchers revealed a criminal web between WordPress hackers and a traffic distribution system (TDS) driven by the VexTrio group.
By 2024, they also revealed Vextrio’s massive malicious associated program that served as a food delivery service for criminals.
“In total, the VexTrio company includes almost a hundred companies and brands. The extent of their activities includes malicious apps and large-scale spamming operations, and when we published a few months ago, they have a special relationship with several site hackers,” researchers note.
How to remain safe
This story is a sharp reminder that it is not enough that an application is in an official app store to be sure. You need to be even more careful when it comes to a security tool as cyber criminals are notorious for taking advantage of unprotected devices.
In April, for example, a study found at least 20 free VPN apps with non -reveled Chinese ownership lurking in Apple’s official App Store in the United States. At least five of these were associated with a Shanghai-based company assumed to have ties with the Chinese military.
While the best VPN services increase your online anonymity and security by encrypting your Internet traffic and forgery of your IP address poses malicious apps risks to your privacy.
As a rule of thumb, you only need to download a reliable service with a strong VPN policy without a log and a history of independent third-party audit.
If you are not willing to pay for a Premium service yet, I recommend checking Proton VPN and Privado VPN as they are currently the best free VPNs on the market, according to Techradar’s reviewers.
That said, our test NordVPN confirmed as the best All-Sounder right now thanks to major security/privacy functions and impeccable benefits. Even better, maybe, you can still be in time to get hold of Techradar’s exclusive deal that expires on August 12, 2025.
