Google Removes Fake VPN Extensions That Infect 1.5 Million Chrome Users

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

Google has dropped 3 malicious VPN extensions that posed as legitimate VPNs after they had accumulated 1.5 million downloads.

The extensions, named netPlus, netSave, and netWin, were spread through an installer concealed in torrents disguised as popular video games like Grand Theft Auto, Assassins Creed, and The Sims 4.

They were first discovered by ReasonLabs and reported to Google, which then promptly removed them from the Google Chrome Web store. According to ReasonLabs, netSave and netWin together accounted for around 500,000 installations, while netPlus had over one million users.

ReasonLabs team reported that they found over 1,000 different torrent files distributing the installer, which appeared as “setup.exe” and labeled “by Igruha.” The size of the installer files varies, but most were around 60 MB, and some were as large as 100MB or more. Once downloaded, the installer unpacks automatically and installs one of the 3 extensions onto the user’s browser without any permission, ReasonLab explains.

These extensions had a realistic VPN interface with limited functionality and a paid subscription option, to seem legitimate. ResearchLabs said their code analysis (the code consisted of 20,000 lines!) revealed the extensions executed a cashback activity fact, a type of cyber attack that targets cash back reward systems used in online transactions. To optimize its functionality, the extensions, once installed, automatically disabled any cashback-related extensions in the infected browsers.

Finally, the extensions were in Russian, so it’s presumed that they largely targeted Russian-speaking communities. ReasonLabs looked at the data and reported that the majority of users whose browsers were infected by this trojan virus were located in Kazakhstan, Moldova, Ukraine, Russia, and other Russian-speaking countries.

To protect your browser, it’s best to get top antivirus software that can flag suspicious downloads and websites. If you’re looking for a good VPN to make sure your online activity is secure and private, check out our list of the best VPNs on the market.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment