CALIFORNIA (Kashmir English): Technology giant Google has warned smartphone users to beware of a surge in fake virtual private network (VPN) apps that, it said, are stealing sensitive personal and financial data under the guise of protecting privacy.
The alert has been issued as part of Google’s November 2025 Fraud and Scams Advisory. It highlights how cybercriminals are exploiting growing demand for online security tools.
Majority of the fraudulent VPN apps mimic genuine brands or use explicit advertising to lure billions of users, only to infect their devices with spyware and data-stealing malware once installed.
“These apps often appear genuine and even perform basic VPN functions,” said Google’s vice president of trust and safety, Laurie Richardson. “But behind the scenes, they can compromise passwords, banking details and private messages.”
The company said attackers have been capitalising on increase in VPN use worldwide, driven by new online safety laws in the US and UK restricting access to adult content.
Google warned that some counterfeit apps may even reach official app stores, backed by fake reviews and polished designs that make them appear legitimate.
Once installed, these malicious programs can deliver info-stealers, banking trojans and remote access tools capable of extracting browsing histories, cryptocurrency data and stored credentials.
Experts have warned the scams exploit a common misconception that VPNs guarantee total anonymity. “A VPN can mask your IP address, but it doesn’t make you invisible,” Richardson said, cautioning that users should treat any app promising complete privacy with skepticism.
Download VPNs only from verified sources
Google advised internet users to download VPNs only from verified sources, such as the Play Store, and to avoid free services that request excessive permissions like access to contacts or messages.
