Google warns billions of users over critical VPN threat

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it’s investigating the financials of Elon Musk’s pro-Trump PAC or producing our latest documentary, ‘The A Word’, which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Cyber criminals are using fake virtual private network (VPN) apps that impersonate legitimate services in order to spy on users and steal their money, Google has warned.

The issue impacts the roughly 3.9 billion Android users around the world, with smartphone users tricked into installing malicious apps that threaten their digital security.

One such criminal enterprise involved a fraudulent security firm publishing VPN apps on official app stores in order to spread malware and online scams.

“These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually-suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access,” said Laurie Richardson, vice president of trust and safety at Google.

“Once installed, these applications serve as a vehicle to deliver dangerous malware payloads including info-stealers, remote access trojans and banking trojans that exfiltrate sensitive data such as browsing history, private messages, financial credentials and cryptocurrency wallet information.”

Ms Richardson advised Android users to protect themselves by only downloading VPN apps from official sources, and to check for apps with the VPN badge in the Google Play app store.

“Users should look carefully at the app’s requested permissions – a VPN should not need access to things like your contacts or private messages,” she said. “Always pay attention to browser download warnings and keep your antivirus software enabled.”

In a scam advisory report for November, Google outlined five other recent trends that had been identified by security analysts.

They included online job scams, negative review extortion schemes, AI product impersonations, fraud recovery scams and seasonal holiday campaigns that aim to exploit consumers during big events like Black Friday and Cyber Monday.

Web users are advised to beware of “too good to be true” deals with excessively low prices in the build up to Black Friday on 28 November.

People should also be wary of texts or emails purporting to be from delivery firms that urge immediate action or demand a fee.

Source: https://www.independent.co.uk/tech/security/google-security-warning-fake-vpn-app-b2863528.html