NEW YORK: Google has issued a global warning about a surge in fake virtual private network (VPN) applications that pose as legitimate security tools but are designed to steal users’ personal and financial data.
The alert, part of Google’s November 2025 Fraud and Scams Advisory, warns billions of smartphone users that cybercriminals are exploiting the growing demand for online privacy tools.
Many of these fraudulent apps mimic trusted VPN brands or use explicit advertising to lure victims. Once installed, they infect devices with spyware, banking trojans, and remote access tools capable of stealing passwords, financial details, and private messages.
Malicious apps masquerading as VPNs
According to Google, “threat actors distribute malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy.”
These apps often perform basic VPN functions to appear genuine. However, behind the scenes, they secretly collect sensitive information such as browsing history, personal messages, and cryptocurrency wallet details.
Laurie Richardson, Google’s Vice President for Trust and Safety, said, “These apps often appear genuine and even perform basic VPN functions, but behind the scenes, they can compromise passwords, banking details, and private messages.”
Google warned that this threat is not confined to unauthorised app stores. Some fake VPNs have appeared on official platforms, complete with fake reviews and professional designs that make them appear legitimate.
Tactics used by cybercriminals
The company said attackers are using increasingly sophisticated techniques to deceive users. “These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as sexually suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access,” Google stated in its advisory.
Cybersecurity experts say this wave of malicious VPNs exploits a basic misunderstanding among users. “A VPN can mask your IP address, but it doesn’t make you invisible,” Richardson noted. She advised users to treat any app promising complete anonymity with scepticism.
Daniel Card, a cybersecurity expert and Fellow of BCS, the Chartered Institute for IT, told TechRadar that public education had helped raise awareness of VPN risks, but recent online safety laws in the United Kingdom had reignited demand for unverified privacy tools.
“The irony is sharp and concerning: in the hunt for privacy, users can inadvertently download apps that perform the ultimate privacy invasion,” he said.
Global rise in VPN use
Google said cybercriminals are capitalising on a sharp increase in VPN use worldwide. The rise has been partly driven by new online safety regulations in the United States and the United Kingdom that restrict access to adult content, prompting many users to seek alternative access routes through VPNs.
This growing demand has made VPN services an attractive target for fraudsters. Some counterfeit apps have even managed to secure placement on official app stores, backed by fake reviews and misleading promotional campaigns.
How to stay safe
Google has introduced a new “VPN Verified” badge to help users identify legitimate VPN applications. It has also advised users to download apps only from reputable sources, such as the Google Play Store, and to avoid free services that request unnecessary permissions like access to contacts, messages, or photos.
The company urged Android users to enable Google Play Protect, which analyses apps for suspicious behaviour and blocks installations that may abuse sensitive permissions for financial fraud.
According to TechRadar, the most secure free VPNs currently available include Proton VPN Free, PrivadoVPN Free, and Windscribe Free, which have been independently verified for privacy and performance.
Google’s latest alert follows a series of recent warnings about malware campaigns targeting users of Gmail, Google Messages, and Chrome.



