Google Warns Billions Over Malicious VPN Apps Stealing Data

Tech giant Google has issued a stark warning to the billions of people worldwide who use virtual private networks (VPNs), alerting them to a surge in malicious applications that are secretly spying on users.

The Growing Threat of Fake VPNs

In a recent fraud and scams advisory published on November 11, 2025, Google detailed how cybercriminals are aggressively targeting VPN users. These threat actors create and distribute dangerous apps that are cleverly disguised as legitimate, trusted VPN services.

Google stated that these malicious applications are being spread across a wide range of platforms with the sole intention of compromising user security and privacy. The company explained that the criminals often impersonate well-known enterprise and consumer VPN brands to appear authentic.

To lure in victims, they also deploy sophisticated social engineering tactics. These can include using sexually-suggestive advertising or exploiting current geopolitical events to target vulnerable individuals who are actively seeking secure and private internet access.

How These Malicious VPNs Attack Your Device

Once a user is tricked into installing one of these fake VPNs, the application acts as a vehicle to deliver dangerous malware directly onto the device.

Google has warned that the malicious payloads can include several types of highly damaging software. These are often info-stealers, which are designed to hunt for and extract sensitive personal information. Other common threats are remote access trojans (RATs), which give attackers full control over a victim's device, and banking trojans, which specifically target financial login credentials.

The data that is at risk includes a user's entire browsing history, private messages, sensitive financial credentials, and even information linked to cryptocurrency wallets.

How to Protect Yourself from VPN Scams

For users concerned about their safety, Google recommends leveraging the built-in security features on its platforms. Android devices and Google Play utilise machine learning algorithms designed to detect potentially harmful applications before they can cause harm.

A key step for protection is to ensure that Google Play Protect is turned on. This service helps keep apps safe and user data private by continuously scanning devices.

Google Play Protect also includes an enhanced fraud protection pilot. This feature is particularly effective against a common attack method known as 'Internet-sideloading', where users install apps from sources outside the official app store, such as web browsers or messaging apps. The system automatically analyses and can block the installation of apps that request sensitive permissions often abused for financial fraud.
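The same kind of check can be run by hand when triaging an app on a device you manage. This is an added example, not code from Google or from the advisory: it reads a decoded AndroidManifest.xml (for instance one produced by apktool) and flags an app that came from outside the store and asks for fraud-sensitive permissions. The permission list, the store installer name and the sample manifest are assumptions of the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption of this example: permissions treated as fraud-sensitive.
SENSITIVE = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}
# Assumption: installer package names regarded as the official store.
STORE_INSTALLERS = {"com.android.vending"}

# Constructed sample manifest for a hypothetical "VPN" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fastvpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".Vpn"
        android:permission="android.permission.BIND_VPN_SERVICE"/>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def sensitive_permissions(manifest_xml):
    """Return the sensitive permissions declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # Runtime permissions are requested with <uses-permission>.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            found.add(el.get(ANDROID_NS + "name"))
    # Accessibility and notification-listener access are declared on
    # the <service> element that the system binds to.
    for svc in root.iter("service"):
        found.add(svc.get(ANDROID_NS + "permission"))
    return sorted(found & SENSITIVE)

def triage(manifest_xml, installer):
    """Flag an app that was sideloaded and asks for sensitive permissions."""
    hits = sensitive_permissions(manifest_xml)
    sideloaded = installer not in STORE_INSTALLERS
    return {"sideloaded": sideloaded, "sensitive": hits,
            "flag": sideloaded and bool(hits)}
```

The installer package for each app on a connected device is shown by `adb shell pm list packages -i`; an app with no recorded installer is treated here as sideloaded.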

Finding a VPN Provider You Can Trust

Amid the warnings about fake services, the UK's renowned consumer watchdog, Which?, has listed several popular and reputable VPN providers that can be purchased directly from the source.

ExpressVPN is a prominent option, boasting servers in 105 countries. Its payment plans include a deal offering two years and four months of coverage for £4.03 per month (totalling £112.88 for the full 28 months).

Another highly-rated service is NordVPN, which offers servers across 126 global locations, with over 8,000 VPN servers in total. Its most budget-friendly plan is available for £2.57 per month when committing to a two-year subscription.

For those seeking a lower-cost alternative, Private Internet Access VPN costs £1.69 per month for a 26-month plan, or £5.39 per month for a six-month plan. This provider has servers in 91 countries.

Finally, Surfshark provides another reliable choice, with more than 3,000 VPN servers located in 100 countries. Among its nine payment plans, the cheapest option is £2.59 per month for a 12-month subscription.