Researchers have found various flaws in popular VPN applications that may have exposed users to the hackers allowing them to install malicious updates and ransomware remotely.
According to the experts, top VPN apps including PrivateVPN and Betternet were found to be able to download fake software updates forcing users to install malware, keyloggers, etc. eventually helping in stealing private data.
Other VPN applications like Torguard, CyberGhost, Hotspot Shield and Hide Me were also found to be vulnerable and allowed the researchers to intercept the communication.
Both Betternet and PrivateVPN were informed in February 2020 following which the flaws have been patched, however, VPNpro states that, “rather than protect their users’ data, PrivateVPN and Betternet have instead overlooked a crucial security aspect that allows for malicious actors to steal that data or do even worse actions.”
Vulnerable VPNs
While PrivateVPN not only downloaded a fake software update, it installed the update without the letting know about it. Betternet, on the other hand, did download the fake app but it sent a notification to the user to update the desktop application.
Once installed, it would be a cakewalk for hackers to collect and steal personal data, process unauthorized payments, install ransomware on the device, or use the system of various illegal activities.
Other VPN apps like ExpressVPN, Surfshark, NordVPN, Tunnel Bear, IPVanish, PIA, Windscribe, Ivacy, HMA, VyprVPN, ProtonVPN, TurboVPN, PureVPN and Hola VPN which were a part of this test were found to be safe and did not have this vulnerability. VPNpro states that the researchers were not able to intercept the connection made using these VPNs.
To ensure safety, the experts advise against downloading anything especially software updates while you’re connected to free or public WiFi and suggest to “be extra safe and not use public wifi at all, or make sure that the wifi you’re connecting to is actually from the cafe, airport, or whatever location. That’s one important step you can take, but it can be hard to verify the free wifi you’re using.”
Via: VPNPro
