Updated on: December 26, 2023
Google has dropped 3 malicious VPN extensions that posed as legitimate VPNs after they had accumulated 1.5 million downloads.
The extensions, named netPlus, netSave, and netWin, were spread through an installer concealed in torrents disguised as popular video games like Grand Theft Auto, Assassins Creed, and The Sims 4.
They were first discovered by ReasonLabs and reported to Google, which then promptly removed them from the Google Chrome Web store. According to ReasonLabs, netSave and netWin together accounted for around 500,000 installations, while netPlus had over one million users.
ReasonLabs team reported that they found over 1,000 different torrent files distributing the installer, which appeared as “setup.exe” and labeled “by Igruha.” The size of the installer files varies, but most were around 60 MB, and some were as large as 100MB or more. Once downloaded, the installer unpacks automatically and installs one of the 3 extensions onto the user’s browser without any permission, ReasonLab explains.
These extensions had a realistic VPN interface with limited functionality and a paid subscription option, to seem legitimate. ResearchLabs said their code analysis (the code consisted of 20,000 lines!) revealed the extensions executed a cashback activity fact, a type of cyber attack that targets cash back reward systems used in online transactions. To optimize its functionality, the extensions, once installed, automatically disabled any cashback-related extensions in the infected browsers.
Finally, the extensions were in Russian, so it’s presumed that they largely targeted Russian-speaking communities. ReasonLabs looked at the data and reported that the majority of users whose browsers were infected by this trojan virus were located in Kazakhstan, Moldova, Ukraine, Russia, and other Russian-speaking countries.
To protect your browser, it’s best to get top antivirus software that can flag suspicious downloads and websites. If you’re looking for a good VPN to make sure your online activity is secure and private, check out our list of the best VPNs on the market.