While most people already know that using a free VPN app comes with serious risks, there are still many who are falling victim to malicious free VPNs.
In the latest example, security researchers at Bitdefender issued a report warning users about a free VPN called S5Mark. The underlying malware is called “Zacinlo” and it has been around since 2011. But over the past two years, they have added a rootkit, which predominately affects Windows 10 computers.
The rootkit is delivered by the free VPN app. Through the app, additional Zacinlo modules are downloaded onto the user’s device, including the rootkit. The rootkit is extremely difficult to remove and is essentially able to perform a man-in-the-middle attack and:
- Redirect pages in your browser
- Load websites in hidden windows
- Steal passwords, login credentials, and other private data
- Inject ads
- Take and send screenshots from your device
- Intercept encrypted communications
- Detect and disable third-party antivirus software
CyberGhost was also called out last year for installing a hidden root certificate with their VPN app. CyberGhost claimed this was for their ad-blocking feature, but disabled the root certificate after much criticism. (Check out the VPN ad blocker article for more details.)
Here is what the malicious S5Mark free VPN looks like:
Getting the Zacinlo malware off your device is also quite difficult because it copies encrypted versions of itself across the user’s computer. Additionally, it can also update itself and receive instructions from the malware’s command center.
Those who are behind this malware project make money through convoluted advertising schemes, data collection, and other fraudulent activities. As described in the Bitdefender report:
While generating untold revenue for the companies that run these programs, adware has witnessed constant improvements over the years in both data collection and resilience to removal. The line between adware and spyware has become increasingly fuzzy during recent years as modern adware combines aggressive opt-outs with confusing legal and marketing terms as well as extremely sophisticated persistence mechanisms aimed at taking control away from the user.
Of course, the best solution is to simply avoid shady free software from untrustworthy sources.
Free VPN apps are dangerous
Free VPN services are a popular attack vector with the growing interest in online privacy. Unfortunately, they are often marketed as a tool that gives the user “privacy” and “security” from online threats, when in fact it is these free VPNs that are often malicious.
- Hidden tracking libraries
- Third party access to your data
- Stolen bandwidth
- Browser hijacking
- Data leaks
- Financial fraud
Given that running a VPN service costs money, it only makes sense that there is no completely “free” VPN without any strings attached. Of course, this problem is not exclusive to VPNs – there are many other free apps and games that also collect data for profit.
It’s also important to note that many paid VPNs can also have vulnerabilities that affect user privacy and security. So the bottom line is to do your research and consider the source.
But as for free VPN services, the old saying is generally true: when something is free, you are the product.