- Security researchers have discovered that a popular VPN Chrome free extension has furtively took screenshots of each website to visit its users
- Freevpn.one has more than 100,000 downloads and “verified” and “featured” badges from Google
- Once limited to VPN functionality, subsequent extension updates were designed not for confidentiality, but to escape detection
A popular extension of VPN Chrome turned out to spy on its more than 100,000 users.
Koi Security has published an extensive report, warning users that instead of protecting their data as the best VPN applications should do, Freevpn.one takes screenshots from each website they visit.
Freevpn.one is a free VPN extension that has managed to obtain two badges from Google Chrome Store, supposed to ensure more safety users. Unfortunately, these badges may have been wrongly awarded.
A trustworthy VPN extension turned into a confidentiality nightmare
Freevpn.one looks legitimate at a glance. With more than 100,000 downloads and Google approval, this seems to be a secure alternative to paid VPN services. However, according to Koi Security, there is a sinister reality that hides just below the surface.
The extension was marketed as a free and unlimited VPN service, and according to the researchers, for a while, it did. However, future updates have introduced worrying development.
Koi Security reports that a few seconds after any page is loaded, a background trigger catches a screenshot. This means that each website you visit with the enabled extension is captured, including private photos, banking sites, medical records and all kinds of other sensitive information.
The screenshots are then sent to an external source, with scripts operating to ensure the quality of data capture.
Another feature of Freevpn.one, called “AI threat detection”, also takes screenshots and downloads them for the server side analysis, but at least it reveals that it does it, unlike the rest of the application.
Some of the most recent updates in Freevpn.one seem to have aggravated things for user confidentiality. Spy software, screenshots and site monitoring would have started in July this year. Later the same month, Koi Security reported, the developer increased security to escape detection, while screenshots continued to be collected.
Koi Security contacted the developer, who says that screenshots are only taken if the domain seems suspicious. However, even websites like Google Photos are saved, which does not correspond to this assertion. Development also indicates that screenshots are not stored anywhere, but it is a difficult assertion to check. They would have finally stopped responding to the requests for comments from Koi Security.
How to stay safe?
This situation describes a more important problem with certain free VPNs, as well as the ease with which some developers can download malware in web stores and gain user confidence. Most recently, a vextrio Viper, a group of cybercriminals, successfully shared a long list of malicious applications via popular application stores. This included a free VPN, a blocker of ads and even an online dating service.
Freevpn.one marked the “verified” badge of Google Play Store, which should have mean that it was definitively secure, but it is rather like “it is better to avoid”.
If you have used the freevpn.one extension, we recommend that you uninstall it immediately. Remember to download one of the best antivirus programs to also give your PC an in -depth analysis.
Then it is time to modify your passwords to all the websites to which you were able to access when using the extension. Better to be safe than sorry.
This underlines how important it is not to take risks when using a VPN service, which, by default, often has fairly high authorizations when it comes to monitoring what you do. If you are not willing to obtain a premium service, turn to some of the best free VPN services to make sure they have been carefully tested to protect your data.
