Breaking Scandal: Chrome VPN Extension Spied on Over 100,000 Users

2 days ago

In today’s digital world full of cyber threats, millions of users rely on VPN extensions for Google Chrome to protect their privacy and stay safe online. A VPN is meant to hide your identity, prevent tracking, and encrypt your data.

But a shocking discovery reveals the dark side: not every VPN extension is safe.

Recently, security researchers exposed that the Chrome extension FreeVPN.One, downloaded more than 100,000 times, was secretly a spyware tool. Despite carrying a “Verified” badge on the Chrome Web Store, the extension was silently capturing screenshots of users’ activity and sending them to a remote server without consent.

Details of the Scandal: How Was the Spyware Discovered?

The Koi Security Report

Cybersecurity firm Koi Security conducted an in-depth investigation and discovered that FreeVPN.One exploited the Chrome API to capture full-page screenshots without permission.

How the Malicious Extension Worked

  • Every time a user visited a website, the extension took a screenshot within seconds.

  • The screenshot was linked to the website’s URL and tied to a unique user ID.

  • The data was then sent to a developer-controlled server.

  • All of this happened silently in the background, without the user’s knowledge.

What Kind of Data Was Exposed?

Private Messages

Captured from emails and chats on social media platforms.

Financial Information

Bank dashboards, payment transactions, and credit card details were screenshotted.

Personal Photos and Files

Any images, PDFs, or sensitive documents opened in Chrome were at risk.

Why This Scandal Is Dangerous

Direct Threat to Digital Identity

  • Bank account hacking and theft.

  • Blackmailing users using their private conversations or images.

  • Data resale on the dark web.

The False Sense of Security

The extension carried a Verified Badge on the Chrome Web Store, misleading thousands of users into trusting it. This raises serious concerns about Google’s extension review system.

How Users Fall Into the Fake VPN Trap

The Free VPN Illusion

Free VPN services look attractive but often make money by selling user data.

Blind Trust in Ratings and Badges

Many users rely on Chrome Store reviews or “Verified” labels as proof of safety, but this incident proves that’s not enough.

Practical Tips to Protect Yourself

1. Avoid Unknown Extensions

Stick to well-established VPN providers only.

2. Check Permissions Carefully

Any extension asking for excessive permissions like screenshot capture should be avoided.
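
One way to make this permission check concrete is to read an extension's manifest.json and flag the permission combinations that make silent screenshotting possible. This is an added example, not code from the article or from Koi Security; the article does not list the permissions FreeVPN.One requested, so the sample manifests, severity labels and function names below are constructed for illustration.

```python
import json

# Real Chrome permission names. The article does not say which of these
# FreeVPN.One requested; the grouping and severities are assumptions.
CAPTURE_PERMS = {"tabCapture", "desktopCapture"}        # explicit capture APIs
SILENT_CAPTURE_HOST = "<all_urls>"  # chrome.tabs.captureVisibleTab needs this or activeTab
URL_VISIBILITY = {"tabs", "webNavigation", "history"}   # expose visited URLs

def requested(manifest):
    """Union of API and host permissions across MV2 and MV3 manifest layouts."""
    keys = ("permissions", "optional_permissions",
            "host_permissions", "optional_host_permissions")
    return {p for k in keys for p in manifest.get(k, []) if isinstance(p, str)}

def audit_manifest(manifest):
    """Return a list of (severity, message) findings for one parsed manifest.json."""
    perms = requested(manifest)
    findings = []
    silent = SILENT_CAPTURE_HOST in perms
    if silent:
        findings.append(("high", "<all_urls>: can screenshot any visible tab without a user gesture"))
    elif "activeTab" in perms:
        findings.append(("low", "activeTab: can screenshot a tab only after the user invokes the extension"))
    for p in sorted(perms & CAPTURE_PERMS):
        findings.append(("medium", f"{p}: explicit screen/tab capture API"))
    if silent and perms & URL_VISIBILITY:
        findings.append(("critical", "silent capture plus URL access: screenshots can be tied to each visited URL"))
    return findings

def worst(findings):
    """Highest severity present, or 'none' when the manifest raised no findings."""
    order = ["low", "medium", "high", "critical"]
    return max((s for s, _ in findings), key=order.index, default="none")

# Constructed sample manifests (not taken from any real extension).
SAMPLE_VPN_OVERREACH = json.loads("""{
  "manifest_version": 3, "name": "Sample Free VPN",
  "permissions": ["proxy", "storage", "tabs", "scripting"],
  "host_permissions": ["<all_urls>"]
}""")
SAMPLE_VPN_MINIMAL = json.loads("""{
  "manifest_version": 3, "name": "Sample Minimal VPN",
  "permissions": ["proxy", "storage"]
}""")

if __name__ == "__main__":
    for m in (SAMPLE_VPN_OVERREACH, SAMPLE_VPN_MINIMAL):
        print(m["name"], "->", worst(audit_manifest(m)))
        for sev, msg in audit_manifest(m):
            print(f"  [{sev}] {msg}")
```

To audit an installed extension, load its manifest.json from the Chrome profile's Extensions directory with json.load and pass the result to audit_manifest.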

3. Read the Privacy Policy

Look for a clear No-Logs Policy that guarantees your browsing data isn’t stored or sold.

4. Use Paid, Trusted VPNs

Investing a few dollars monthly in a reputable VPN service is far cheaper than risking your entire digital identity.

VPN Comparison: Trusted vs Fake

| Feature | Trusted VPN (e.g., NordVPN, ExpressVPN) | Fake VPN (e.g., FreeVPN.One) |
|---|---|---|
| Encryption | AES-256 + Secure Protocols | Weak or no encryption |
| Privacy | Strict No-Logs Policy | Collects & sells user data |
| Permissions | Limited and appropriate | Excessive & dangerous |
| Funding Model | Paid subscription | “Free” but monetized by spying |
| Risk Level | Low | Very High (spying & leaks) |

What To Do If You Installed FreeVPN.One

  1. Uninstall the extension immediately.

  2. Reset all important account passwords.

  3. Enable Two-Factor Authentication (2FA).

  4. Monitor bank accounts for suspicious activity.

  5. Run a full antivirus and anti-malware scan (e.g., Malwarebytes, Kaspersky).

Expert Reactions & Global Coverage

Cybersecurity Experts’ Statements

  • TechRadar called it “one of the most dangerous scandals to ever shake Chrome extension trust.”

  • Kaspersky analysts warned that free VPNs often pose bigger risks than traditional malware because they look “safe” on the surface.

International Media Coverage

  • Forbes published a warning urging users not to rely on free VPNs without due diligence.

  • ZDNet highlighted that Chrome’s Verified Badge does not guarantee actual security.

Impact on Google Chrome Web Store

Review System Flaws

This scandal exposed weaknesses in Chrome’s extension review and verification process.

Call for Stricter Policies

Experts demand that Google enforce tighter security audits, especially for VPNs and privacy-related extensions.

Cybersecurity Experts’ Checklist: How to Stay Safe from Fake VPN Extensions

  • Research the developer: If there’s no official website or trusted reviews, avoid it.

  • Review permissions: VPNs should not need screenshot or file system access.

  • Avoid free, unknown VPNs: If it’s free, you are the product.

  • Stick with trusted providers: NordVPN, ExpressVPN, and ProtonVPN undergo independent security audits.

  • Enable 2FA: Adds an extra security layer even if your data leaks.

  • Keep Chrome updated: Patches fix vulnerabilities that spyware may exploit.

  • Run regular security scans: Use tools like Malwarebytes or Kaspersky.

Conclusion

The FreeVPN.One Chrome extension scandal is not just a technical flaw — it’s a wake-up call. Digital privacy cannot be trusted to free, unverified tools.

To stay protected:

  • Don’t trust unknown free VPNs.

  • Don’t rely solely on Chrome’s Verified Badge.

  • Invest in a reliable, independently audited VPN service.

The internet is full of risks, but your awareness is the strongest defense.