Virtual Private Networks (VPNs) have become essential tools for internet users. However, the allure of free VPN services can sometimes lead to unexpected and dangerous consequences.
This article delves into the hidden risks of free VPNs, highlighting a significant incident involving the 911 S5 botnet and other malicious activities.
The saying “There’s no such thing as a free lunch” has evolved into “If you’re not paying for the product, you are the product” in the digital age. This adage is particularly relevant to VPN services.
Maintaining a global network of servers and handling encrypted traffic is costly. When users aren’t asked to pay for these services, there is often a hidden catch.
In May 2024, the FBI, in collaboration with international law enforcement, dismantled the 911 S5 botnet. This network spanned 19 million unique IP addresses across over 190 countries, making it one of the largest botnets ever.
According to Kaspersky reports, the botnet’s creators used several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN, to build their malicious network.
Users who installed these free VPN apps unknowingly turned their devices into proxy servers, channeling someone else’s traffic.
Cybercriminals paid the 911 S5 organizers for access to these proxy servers, using them for illicit activities such as cyberattacks, money laundering, and mass fraud. As a result, users became unwitting accomplices in these crimes.
The 911 S5 botnet began operations in May 2014, and the free VPN apps have circulated since 2011. Despite a temporary takedown in 2022, the botnet resurfaced under the alias CloudRouter.
By the time the FBI dismantled the botnet in 2024, it had earned its creators an estimated $99 million. The confirmed losses to victims amounted to several billion dollars.
The 911 S5 botnet is not an isolated incident. In March 2024, a similar scheme involving several dozen apps on Google Play was uncovered. Among these apps, free VPNs constituted the bulk of the infected ones.
The list included:
There were two primary modes of infection. Earlier versions of the apps used the ProxyLib library to transform devices into proxy servers.
More recent versions employed an SDK called LumiApps, which ostensibly offered monetization through hidden pages but in practice turned devices into proxy servers.
The infected VPN apps were removed from Google Play after the report was published. However, they continue circulating on alternative platforms like APKPure, sometimes under different developer names. This persistence underscores the ongoing threat posed by malicious free VPN apps.
Given the risks associated with free VPNs, investing in a reputable, paid VPN service is the optimal solution. Paid VPNs are more likely to offer robust security features, reliable performance, and transparent privacy policies.
They are also less likely to engage in malicious activities, as their revenue model relies on user subscriptions rather than hidden monetization schemes.
While the promise of free VPN services may be tempting, the hidden costs can be significant. The 911 S5 botnet and other malicious activities highlight the dangers of using free VPNs.
By investing in a reputable, paid VPN service, users can ensure their online privacy and security without falling victim to hidden threats.