Table of Contents
With the rise of cybercrime, people are wising up to the cyber risks of their devices. Everyone is cruising app stores to install antivirus software and downloading VPN to keep their browsing and messaging private. But that’s where things could go badly wrong. Scammers have become so sophisticated that even your more tech-savvy users could pick the wrong app.
A VPN Is a Security and Privacy Tool
A VPN creates an encrypted tunnel for your internet activities by routing your connection through the VPN’s secure servers. Apart from masking your IP address and location, the encryption also protects the data from intercepting or tampering.
So what can go wrong? Just when you relax about your security and privacy, you notice a few things that don’t add up. It might signal that you accidentally installed a fake or untrustworthy VPN on your device.
The Plague of Fake VPNs
A fake VPN poses as a legitimate virtual private network. Its purpose is to trick people into believing their data is safe and encrypted by a genuine VPN service. In reality, fake VPNs actively compromise people’s data.
Fake VPNs often skip the encryption part entirely or use outdated or insecure encryption. The false sense of security makes users vulnerable to data and identity theft. Fake VPNs log people’s online activities and sell the data to data brokers. Some even recruit devices into a botnet-like network to steal the device’s bandwidth. One well-known example is Hola VPN. They use Hola clients’ bandwidth to enable people outside the US to watch Netflix.
Some fake VPNs are straight-up malware in disguise. They’re designed to hijack online accounts, steal banking details, and even lock devices to collect a ransom.
Confusion in the App Stores
App stores are notorious for failing to root out dangerous and privacy-invading apps. Fake apps, or trojans, have been a nuisance in app stores for years.
The public is generally unaware of the dangers of free apps, but most know better than downloading shady antivirus software. However, they’re not as familiar with VPN brands. They could easily get tricked into picking a less-than-reliable VPN.
Case Examples of Recent High-Profile VPN Scams
Even seemingly reliable services can be scams sophisticated enough to dupe moderately tech-savvy users.
Hotspot Shield was outed as a phishing scheme disguised as a VPN promotion. The app injected JavaScript codes into users’ web traffic to display targeted advertisements. While not malicious, it’s a deceptive practice that violates user privacy.
A more sinister example is SuperVPN and its nebulous tentacles, including GeckoVPN. SuperVPN’s first incident was in 2016 when researchers outed the app as riddled with malware. The app was removed only in 2022 after discovering vulnerabilities that redirected users to malicious servers, exposed messages, and facilitated man-in-the-middle (MITM) attacks.
In May 2022, a VPN data leak exposed 21 million user records, revealing SuperVPN’s disturbing links with the fake ChatVPN and GeckoVPN apps. But the worst was yet to come. In 2023, another breach exposed over 360 million records. Researchers discovered links to more fake VPNs, this time StormVPN, LunaVPN, RadarVPN, RocketVPN, and GhostVPN.
Red Flags on Your Network
As someone who is related to the IT industry, you have higher chances to spot some technical red flags indicating a fake VPN.
For example, there might be unusual server connections. Fake VPNs pretend to be based in the US, but they usually route their traffic via China or Russia. You might see connections from unknown locations and at odd times. Act fast—if attackers take over a device of a user with privileged access, they could infiltrate your network and install malware, steal data, or launch attacks on other devices.
When examining the device, test it for DNS and WebRTC leaks, which could indicate misconfigured servers or outdated software. Check the encryption protocol in the VPN app settings. Legitimate VPN services use AES-256 or advanced proprietary encryption. Protocols like PPTP and L2TP are obsolete and easily compromised.
All It Takes Is To Stay Alert
Fake VPNs can pose a dire threat to a personal and company’s secure communications protocols. Regular network monitoring and security checks may help you detect technical red flags. Intervene quickly if any suspicions arise. Stay informed about the latest scams in the cybersecurity world and the risks of using unapproved apps and software.
ABOUT THE AUTHOR
IPwithease is aimed at sharing knowledge across varied domains like Network, Security, Virtualization, Software, Wireless, etc.
