In Q3 of 2024, Kaspersky experts discovered that the number of users worldwide encountering apps that pose as free VPNs increased 2.5 times compared to Q2. These apps were either malware or programs that could potentially be used by malicious actors. This surge has continued into Q4.
A VPN (Virtual Private Network) is a service intended to offer security and privacy to the user by hiding their IP address. The result is that the Internet Service Provider (ISP) and other third parties are unable to see which websites the user visits or what data is sent and received. A popular function of VPNs for individual users is the ability to “change” locations by switching to a server in another country. This feature enables access to geo-restricted web content such as shows on streaming services.
Cybercriminals take advantage of users who want to use free VPN services. In May 2024, law enforcement dismantled a botnet (a network of hijacked computer devices) known as 911 S5. Several free VPN services (MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN) were used to create this botnet. Users who installed these VPN apps had their devices transformed into proxy servers channeling someone else’s traffic. This malicious network spanned 19 million unique IP addresses across over 190 countries worldwide, making it possibly the largest botnet ever created. The botnet's admins sold other cybercriminals access to the proxy servers running on user devices that had the infected apps installed, and this scheme was used for cyberattacks, money laundering, and mass fraud.
A fake VPN app before being removed from Google Play
“There is a growing demand for VPN apps across all platforms, including smartphones and computers. Users tend to believe that if they find a VPN app in an official store, like Google Play, it is safe and can be used to get content that is originally unavailable at their location. And they think it is even better if this VPN service is free! However, this often ends up being a trap, as recent cases and our statistics showing a surge in malicious VPN app encounters prove. To stay safe, users should remain wary of these threats and use a security solution, along with a trusted and proven VPN service,” comments Vasily Kolesnikov, Security Expert at Kaspersky.
To avoid threats and browse the web securely, Kaspersky recommends:
- use a comprehensive security solution, such as Kaspersky Premium, to control and scan all of your connected devices and prevent malware from accessing your device;
- use a free version of Kaspersky VPN Secure Connection if you need a VPN service to protect your connection but don’t want to pay for one; the free mode won’t allow you to select a server, plus there’s a traffic limit of 300 MB per day, but your traffic will be completely secure;
- use the Premium access to Kaspersky VPN Secure Connection, available as a standalone purchase or as part of our Kaspersky Plus and Kaspersky Premium subscriptions. This will give you access to one of the fastest VPNs in the world across all your devices, along with top-rated protection against phishing and other threats, as verified by independent researchers.