- Proton fake VPN extensions found in Chrome Webshop
- Proton says it reported fake apps to Google three times this year
- Some Proton fake VPN extensions remained live for weeks, Proton warns
Proton has warned that fake Proton VPN extensions have appeared in Google’s Chrome Web Store, often staying there for several weeks before being removed. The company says it has notified Google at least three times this year.
Despite this, several fake listings reportedly passed store review checks and remained live long enough to put users at risk. Proton says the takedown process is too slow and that delays of several weeks are unacceptable when malicious software exploits the name of a trusted provider.
The incident shows that even official browser stores are not infallible. As we’ve previously reported, such as in our coverage of a Chrome VPN extension found to spy on over 100,000 users, malicious tools can and do make their way into legitimate marketplaces โ a big risk when users think to install one of the best VPN apps instead.
What happened and why Proton is concerned
Proton says attackers created fake browser extensions using its name and branding to trick users into installing malicious software.
The goal was to steal login credentials, access sensitive user data, and potentially monitor browser activity while impersonating a legitimate Virtual Private Network (VPN) tool.
Since the beginning of the year, we’ve notified @Google about fake Proton VPN extensions in their Chrome Webshop not once, but three times. Bad actors take advantage of this as Google takes weeks to act, putting users at risk. Here’s how:๐งต1/5 pic.twitter.com/5rRCRxqzHJ19 February 2026
According to the company, several fake extensions from unverified developers that passed Google’s checks appeared in the Chrome Web Shop. Even after Proton reported them, some reportedly remained alive for weeks.
Two of these fake Proton VPN apps specifically targeted the Russian market, as the demand for reliable and secure VPNs among residents has never been higher.
Proton has criticized what it describes as “slow and ineffective” moderation, arguing that “every minute these fakes remain online is a security risk for hundreds of thousands of people.”
Risks for users: spyware hides in plain sight
The danger with fake extensions like this is that they often work with sweeping permissions. A malicious tool pretending to be Proton VPN can steal login credentials, access your sensitive account information, and monitor internet traffic. This level of access opens the door to full browsing monitoring, traffic interception and large scale metadata collection.
This is part of a wider pattern we have been following. From typosquatting campaigns โ similar sites tricking users into installing malware โ to investigations revealing VPN apps with hidden ownership links or spyware behavior, the ecosystem isn’t always as trustworthy as it seems.
Careful verification is your best defense
Obviously, being listed in an official browser store doesn’t automatically make an extension legitimate.
Attackers often exploit trademarked searches, knowing that users will enter trusted names like “Proton VPN” directly into the store and trust the first result that appears legitimate.
Ultimately, this fake Proton VPN extension saga mirrors past incidents where VPN apps later turned out to be spyware in disguise โ a reminder that even official stores can be exploited.
How to protect yourself: trust, but verify
Proton’s advice on how to best protect yourself is simple: start from the official source. Instead of searching the Chrome Webshop for Proton VPN, go directly to the provider’s website – in this case, proton.me – and use the official download links.
If you check a store directory, verify that the publisher is “Proton AG”, confirm it links back to the official website, and carefully go over the permissions it demands. Be careful with VPN browser extensions that ask for broad access, such as being able to read and modify all website data. If you spot a suspicious listing, report it.
As a rule of thumb, remember – app stores remain useful, but they’re not foolproof. As brand impersonation becomes more sophisticated, it is increasingly important to double check what you install. Proton says stronger moderation is required โ but until then, careful verification is your best defense.
