- The malicious group VexTrio Viper has developed and distributed a multitude of fake applications via legitimate app stores, new research reveals
- The malicious applications include VPNs, ad blockers, RAM cleaners and even online dating services
- VexTrio Viper has used traffic distribution systems (TDSs) to spread malware and other online scams since at least 2015
Whether you download your VPN application from Google Play or the Apple App Store, there is still a chance that it is a malicious application developed by VexTrio Viper.
In an extensive report, Infoblox Threat Intel researchers revealed how the fraudulent adtech group published a range of applications in official app stores, from virtual private network (VPN) and ad-blocking apps to RAM cleaners and even online dating services.
Believed to be active since 2015, VexTrio is a complex criminal enterprise that involves several companies and uses traffic distribution systems (TDSs) to spread malware and other online scams.
At least seven security applications affected
“They have published applications under several developer names, notably Holacode, Locomind, Hugmi, Klover Group and Alphascale Media. […] Available in the Google Play and Apple stores, they have been downloaded millions of times in total,” Infoblox told The Hacker News.
More specifically, at least seven applications purporting to offer security tools were developed by Locomind, which in 2024 claimed more than 500,000 downloads and 50,000 active users for its applications.
These include various VPN services, such as rapid VPN – Super Proxy, and other utility applications, such as RAM cleaners.
Once users have installed these applications on their devices, they are bombarded with intrusive ads and prompted to sign up for misleading subscriptions.
The Infoblox Threat Intel team has tracked VexTrio's malicious activities since 2022, publishing various reports over the years.
Among these, in June 2025, the researchers disclosed a criminal network linking WordPress hackers and a traffic distribution system (TDS) operated by the VexTrio group.
In 2024, they also exposed VexTrio's malicious affiliate program, which worked like a food delivery service for criminals.
“In total, the VexTrio company includes nearly a hundred companies and brands. The scope of their activities includes malware and large-scale spam operations, and as we published a few months ago, they have a special relationship with many website hackers,” the researchers note.
How to stay safe
This story is a stark reminder that an application being listed in an official app store is not enough to make it safe. You must be even more careful when it comes to security tools, as cybercriminals are known to take advantage of unprotected devices.
For example, in April, an investigation found at least 20 free VPN applications with undisclosed Chinese ownership hiding in Apple’s official App Store in the United States. At least five of them were linked to a Shanghai-based company that reportedly has ties to the Chinese military.
Although the best VPN services increase your anonymity and online security by encrypting your Internet traffic and spoofing your IP address, malicious applications pose risks to your privacy.
As a rule, you should only download a reliable service with a strict no-log VPN policy and a track record of independent third-party audits.
If you are not willing to pay for a premium service for the moment, I recommend checking out Proton VPN and Privado, because they are currently the best free VPNs on the market, according to TechRadar reviews.
That said, our tests have confirmed NordVPN as the best all-rounder at the moment, thanks to strong security and privacy features and impeccable performance. Even better, perhaps, you may still be in time to take up TechRadar's exclusive deal, which expires on August 12, 2025.