- Proton fake VPN extensions found in the Chrome Web Store
- Proton says it reported fake apps to Google three times this year
- Some Proton fake VPN extensions stayed live for weeks, warns Proton
Proton has warned that fake Proton VPN extensions have appeared in Google’s Chrome Web Store, often staying there for weeks before being removed. The company says it has notified Google at least three times just this year.
Despite this, multiple fake listings reportedly passed store review checks and remained live long enough to put users at risk. Proton says the takedown process is too slow, and that delays of several weeks are unacceptable when malicious software is exploiting a trusted provider’s name.
The incident shows that even official browser stores aren’t infallible. As we’ve previously reported, such as in our coverage of a Chrome VPN extension found spying on over 100,000 users, malicious tools can and do make their way into legitimate marketplaces — a major risk when users believe to be installing one of the best VPN apps instead.
What happened, and why Proton is concerned
Proton says attackers created fake browser extensions using its name and branding to trick users into installing malicious software.
The goal was to steal login credentials, access sensitive user data, and potentially monitor browsing activity while impersonating a legitimate virtual private network (VPN) tool.
Since the beginning of the year, we’ve notified @Google about fake Proton VPN extensions in their Chrome Web Store not once, but three times.Bad actors are exploiting this, since Google takes several weeks before taking action, putting users at risk.Here’s how:🧵1/5 pic.twitter.com/5rRCRxqzHJFebruary 19, 2026
According to the company, multiple fake extensions from unverified developers that passed Google’s checks appeared in the Chrome Web Store. Even after Proton reported them, some allegedly remained live for weeks.
Two of these fake Proton VPN apps specifically targeted the Russian market, as the demand for reliable and secure VPNs among residents has never been higher.
Proton has criticized what it describes as “slow and ineffective” moderation, arguing that “every minute these fakes remain online is a security risk for hundreds of thousands of people.”
The risks for users: spyware hiding in plain sight
The danger with fake extensions like this one is that they often operate with sweeping permissions. A malicious tool pretending to be Proton VPN can steal login credentials, access your sensitive account details, and monitor internet traffic. This level of access opens the door to full browsing surveillance, traffic interception, and large-scale metadata collection.
This is part of a broader pattern we’ve been tracking. From typosquatting campaigns — lookalike websites trick users into installing malware — to investigations uncovering VPN apps with hidden ownership links or spyware behavior, the ecosystem isn’t always as trustworthy as it seems.
Careful verification is your best defence
Clearly, being listed in an official browser store doesn’t automatically make an extension legitimate.
Attackers often exploit brand searches, knowing that users will type in trusted names like “Proton VPN” directly into the store and trust the first result that appears legitimate.
Ultimately, this fake Proton VPN extension saga mirrors past incidents where VPN apps were later found to be spyware in disguise — a reminder that even official stores can be exploited.
How to protect yourself: trust, but verify
Proton’s advice on how best to protect yourself is simple: start from the official source. Rather than searching the Chrome Web Store for Proton VPN, go directly to the provider’s website — in this case, proton.me — and use the official download links.
If you do check a store listing, verify that the publisher is “Proton AG,” confirm it links back to the official website, and carefully go over the permissions it requests. Be cautious of VPN browser extensions asking for broad access, such as being able to read and change all website data. If you spot a suspicious listing, report it.
As a rule of thumb, remember — app stores remain useful, but they’re not flawless. As brand impersonation grows more sophisticated, it’s increasingly important to double-check what you install. Proton says stronger moderation is overdue — but until then, careful verification is your best defence.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
https://cdn.mos.cms.futurecdn.net/LVb6rPTzG7GeFrQmZxN7tQ-1920-80.jpg
Source link
monicajwrites@gmail.com (Monica J. White)
