While browser extensions promise convenience and enhanced security, some can pose serious privacy threats. Recent investigations reveal that FreeVPN.One, a widely used Chrome extension with over 100,000 downloads and a featured badge, was secretly capturing users’ browsing activity through screenshots.

Hidden Surveillance Behind a Trusted Badge

Despite its legitimate appearance, FreeVPN.One was not just managing VPN traffic. Researchers from Koi Security discovered that the extension silently took screenshots of users’ websites, including sensitive content such as banking logins, personal photos, and confidential documents. These images were then transmitted to servers controlled by the extension’s developer, raising significant privacy concerns.

The extension’s permission requests gradually increased, disguising invasive activities under the guise of “AI Threat Detection.” What seemed like a helpful security feature became a covert surveillance tool, monitoring every webpage visited without user consent.

Tests confirmed that screenshots were captured even on trusted sites like Google Photos and Google Sheets. The extension claimed these images were not stored but merely analyzed for threats—a claim that has been challenged by the suspicious nature of its activity and lack of transparency.

Malicious Extensions Leave Millions Vulnerable

The discovery of spyware behavior in FreeVPN.One highlights a broader issue with free browser extensions. Many free VPNs and add-ons are motivated by profit, often at the expense of user privacy. While some may operate responsibly, the majority rely on monetizing user data through sales or targeted advertising.

Following the investigation, the extension was removed from the Chrome Web Store, with its page now showing a message: “This item is not available.” However, the incident exposes gaps in Chrome’s review process for featured extensions, allowing malicious software to circulate for months under verified labels.

Protect Your Privacy and Security

If you installed FreeVPN.One or similar suspicious extensions, it’s crucial to act quickly:

• Navigate to Chrome > Extensions and remove any untrusted VPN or browser add-ons.
• Choose reputable VPN providers with transparent policies and verified security measures. Trusted services often have independent audits and clear data handling practices.
• Run a trusted antivirus or anti-malware scan to detect and remove hidden malicious software.
• Use a password manager to generate and store strong, unique passwords, and check if your credentials have been exposed in data breaches via dedicated breach monitoring tools.
• Consider employing a personal data removal service to help erase your information from data broker sites, reducing risks of identity theft and targeted scams.

Always scrutinize extension permissions carefully. If a VPN requests access to “all websites,” it’s a sign to be cautious. Remember, free extensions can come at a hidden cost—your privacy. Prioritize tools from reputable companies that prioritize transparency and security.

Stay Informed and Vigilant

Protecting yourself online requires vigilance. Regularly review extension permissions, use reliable security software, and stay informed about emerging threats. For expert reviews on the best VPNs and cybersecurity tools, visit trusted sources such as Cyberguy.com/VPN.

By remaining cautious and informed, you can safeguard your personal data from malicious extensions and ensure your browsing remains private and secure.

Ethan Cole

I'm Ethan Cole, a tech journalist with a passion for uncovering the stories behind innovation. I write about emerging technologies, startups, and the digital trends shaping our future. Read me on x.com