Browser extensions often claim to enhance user experience, but some can be more harmful than helpful. A report from KOI Security reveals that Freevpn.One, a Chrome extension boasting over 100,000 users, has been secretly taking screenshots of users’ browsing activities.
Suspicious Activity of Freevpn.One
After installation, Freevpn.One didn’t just manage VPN traffic; it was quietly capturing screenshots of every website visited, including sensitive information like bank logins and personal documents, sending them to a server controlled by the developers.
Worryingly, the extension increased its permissions over time, framing its actions as “AI threat detection.” What seemed like a helpful feature became an intrusive surveillance tool.
Why This Threat is Alarming
Users install VPN services with the expectation of privacy, yet this extension subverted that trust. By using Chrome’s all_urls permission, it gained access to every page a user visited.
Researchers confirmed that screenshots were taken from reputable sites like Google Photos and Google Sheets. Despite the developers claiming these images weren’t saved, no evidence was given to validate that claim.
Scope of the Threat
It’s estimated that this malicious browser extension had potentially spied on around 2 million users.
Warning Signs of the Rogue Extension
Several red flags were evident:
- Unprofessional grammar and vague explanations.
- A rudimentary WIX page as the only contact point.
- A promise of unlimited free VPN services without any clear revenue model.
While not all free VPNs are malicious, many tend to monetize user data in deceptive ways.
Developer’s Response and Extension Removal
Following KOI Security’s findings, the developer behind Freevpn.One offered a partially transparent explanation, stating that the screenshot feature was meant for monitoring suspicious domains. However, the company could not substantiate this, especially given the evidence of trusted sites being targeted. Attempts to acquire legitimate business credentials were met with silence from the developer, whose only public link pointed to a basic WIX page.
Consequently, Freevpn.One has been removed from the Chrome Web Store, and users attempting to access it now see a message indicating that the item is no longer available. This underscores ongoing concerns about the absence of thorough reviews for extensions that have malicious capabilities.
Protective Measures Against VPN Extension Spyware
If you’ve installed Freevpn.One or any similar dubious Chrome extension, here are some steps to consider for cybersecurity.
1) Uninstall Immediately
Navigate to chromium > window > Extensions and click remove.
2) Choose a Trusted VPN
Opt for recognized VPN services with established track records and transparent practices. This ensures you maintain control over your privacy instead of relying on unknown developers.
3) Run Antivirus Scans
Utilize a reputable antivirus program to detect any hidden malware. This proactive measure helps safeguard your devices from malicious software.
4) Change Your Passwords
Assume your credentials may have been compromised. Using a password manager can help store and generate complex passwords, minimizing the risk of reuse.
5) Use Data Removal Services
Since the extension can collect and sell your data, employing personal data removal services can help delete your information from data broker sites.
6) Review Extension Permissions
Before adding any extensions, assess the permissions requested. If a VPN extension demands access to all websites, consider that a major warning sign.
Key Takeaways
The Freevpn.One case serves as a cautionary tale: often, “free” comes with unrecognized risks. Just because an extension is popular does not mean it’s safe. Always prioritize privacy and use established tools.
