Google issues alert about malicious applications disguised as legitimate VPN services

As the tech industry has grown over the past few years, fraudsters have kept coming up with new ways and tricks to scam people online for financial gain. Scams have now become a global challenge, while digital privacy has become a huge concern for users.
A few days back, Google issued its latest fraud and scams advisory, in which the company revealed that cybercriminals are now distributing malicious applications disguised as legitimate VPN services.
Malicious VPN apps and extensions
Threat actors are distributing malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy. The company has revealed that these threat actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as sexually suggestive advertising or the exploitation of geopolitical events, to target vulnerable users who seek secure internet access.
Once installed, these applications serve as a vehicle to deliver dangerous malware payloads, including info-stealers, remote access Trojans, and banking Trojans that exfiltrate sensitive data such as browsing history, private messages, financial credentials, and cryptocurrency wallet information.
To save users from falling into the trap of these threat actors, Android and Google Play leverage Google’s machine learning algorithms to detect potentially harmful apps. Users can turn on Google Play Protect to help keep apps safe and data private.
Meanwhile, Google Play Protect’s enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud.
Apart from this, the company has also shared advice for users, recommending that they:
- Only download VPN apps from official sources
- Check for the app with the VPN badge in Google Play
- Be skeptical of free offers and avoid sideloading unknown apps
- Look carefully at the app’s requested permissions: a VPN should not need access to things like your contacts or private messages
- Pay attention to browser download warnings and keep your antivirus software enabled.
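For readers who review apps on behalf of others, the permissions check in the list above can be automated. The following is an added example, not code from Google's advisory: it reads a decoded AndroidManifest.xml and reports requested permissions that expose contacts or private messages, and whether the app declares a VPN service at all. The permission-to-category mapping, the function name and the sample manifest are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping for this example: permissions exposing the data the
# advisory says a VPN should not need (contacts, private messages).
UNEXPECTED = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.READ_SMS": "private messages",
    "android.permission.RECEIVE_SMS": "private messages",
    "android.permission.SEND_SMS": "private messages",
}
# A service guarded by this permission can read notification content,
# which includes incoming message previews.
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
# A real Android VPN client declares a service guarded by this permission.
VPN_BIND = "android.permission.BIND_VPN_SERVICE"

def review_manifest(manifest_xml):
    """Return the package name, VPN-service flag and unexpected permissions."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    service_perms = {s.get(ANDROID + "permission") for s in root.iter("service")}
    findings = sorted((p, UNEXPECTED[p]) for p in requested if p in UNEXPECTED)
    if NOTIF_LISTENER in service_perms:
        findings.append((NOTIF_LISTENER, "private messages"))
    return {
        "package": root.get("package"),
        "declares_vpn_service": VPN_BIND in service_perms,
        "findings": findings,
    }

# Constructed sample manifest (hypothetical app, not a real package).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freevpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    report = review_manifest(SAMPLE)
    print(report["package"], "VPN service:", report["declares_vpn_service"])
    for name, category in report["findings"]:
        print(f"  unexpected for a VPN: {name} ({category})")
```

A finding here is a prompt for closer review of the app, not proof that it is malicious.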