This article discusses the security risks associated with the FreeVPN.One Chrome extension, which was found to be secretly capturing users’ browsing data.
A recent report from Koi Security has raised alarms about a Chrome extension masquerading as a free VPN service. The extension, named FreeVPN.One, has over 100,000 installations and even boasts a “Featured” badge, yet it has been discovered to be capturing screenshots of users’ browsing sessions without their consent.
While browser extensions are often designed to enhance user experience, some can pose significant security threats. FreeVPN.One, once installed, did not merely facilitate VPN traffic; it secretly recorded screenshots of every website visited, including sensitive information such as bank logins, private photos, and confidential documents. These images were sent to servers controlled by the extension’s developer.
Alarmingly, the extension gradually added permissions under the guise of “AI Threat Detection,” transforming what appeared to be a helpful feature into a tool for continuous surveillance. Users typically install VPNs to safeguard their privacy, but FreeVPN.One subverted this expectation by exploiting Chrome’s permissions to gain access to every page users opened.
Koi Security’s researchers tested the extension and confirmed that it captured screenshots even on trusted platforms like Google Photos and Google Sheets. The developer claimed that these images were not stored but provided no evidence to support this assertion.
There were several warning signs regarding FreeVPN.One. While some free VPN services operate responsibly, many rely on alternative revenue streams, often involving the sale of user data. Following Koi Security’s findings, the developer offered a partial explanation, asserting that the automatic screenshot captures were part of a “background scanning” feature meant only for suspicious domains. However, the evidence of screenshots taken from reputable sites contradicted this claim.
When pressed for proof of legitimacy, such as a company profile or professional contact information, the developer ceased communication. The only public link associated with the extension led to a basic Wix starter page, raising further concerns about its credibility.
In response to the report, FreeVPN.One has been removed from the Chrome Web Store. Attempts to access its page now return a message indicating that the item is no longer available. While this removal mitigates the risk of new downloads, it underscores a troubling gap in security oversight. The extension exhibited spyware behavior for months while still maintaining a verified label, prompting questions about the thoroughness of Chrome’s review process for featured extensions.
If you have installed FreeVPN.One or any suspicious Chrome VPN extension, it is crucial to take immediate action to protect your cybersecurity. Users should navigate to Chrome, select Window, then Extensions, and remove any questionable extensions.
It is advisable to stick to reputable VPN providers that have established track records, transparent operations, and audited policies. Choosing a legitimate VPN allows users to maintain control over their privacy rather than relinquishing it to an anonymous developer. A trustworthy VPN is essential for ensuring online privacy and providing a secure, high-speed connection.
Additionally, running a reliable antivirus tool can help detect hidden malware. Strong antivirus software can alert users to phishing emails and ransomware scams, safeguarding personal information and digital assets.
Users should also consider employing a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. It is important to check whether passwords have been exposed in previous data breaches. The top password managers often include built-in breach scanners that can identify compromised passwords, prompting users to change any reused credentials.
Extensions like FreeVPN.One illustrate how easily personal information can be collected and exploited. Even after uninstalling such spyware, personal data may already be circulating on data broker sites, where it can be sold to marketers, scammers, and cybercriminals. Utilizing a personal data removal service can help scan for personal information across numerous broker sites and request its removal, limiting the potential for misuse.
Before adding any extension, it is essential to review the permissions it requests. If a VPN seeks access to “all websites,” this should raise a red flag. FreeVPN.One serves as a stark reminder that “free” services often come with hidden costs—namely, the compromise of user data. Users should remain vigilant, conduct thorough vetting, and utilize privacy tools backed by reputable companies.
In conclusion, the question remains: Would you trade your browsing privacy for a free tool, or is it time to reconsider the true cost of “free” services?
Source: Original article