Google warns billions of users over critical VPN threat

One such criminal enterprise involved a fraudulent security firm publishing VPN apps on official app stores in order to spread malware and online scams.

“These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually-suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access,” said Laurie Richardson, vice president of trust and safety at Google.

“Once installed, these applications serve as a vehicle to deliver dangerous malware payloads including info-stealers, remote access trojans and banking trojans that exfiltrate sensitive data such as browsing history, private messages, financial credentials and cryptocurrency wallet information.”

Ms Richardson advised Android users to protect themselves by only downloading VPN apps from official sources, and to check for apps with the VPN badge in the Google Play app store.

“Users should look carefully at the app's requested permissions – a VPN should not need access to things like your contacts or private messages,” she said. “Always pay attention to browser download warnings and keep your antivirus software enabled.”

In a scam advisory report for November, Google outlined five other recent trends that had been identified by security analysts.

They included online job scams, negative review extortion schemes, AI product impersonations, fraud recovery scams and seasonal holiday campaigns that aim to exploit consumers during big events like Black Friday and Cyber Monday.

Web users are advised to beware of “too good to be true” deals with excessively low prices in the build up to Black Friday on 28 November.

People should also be wary of texts or emails purporting to be from delivery firms that urge immediate action or demand a fee.