Virtual private networks (VPNs) are important if you care about your data and privacy. They create a secure, encrypted connection between your device and the internet, hiding your IP address and protecting your online activity.

There are tons of apps out there that claim to offer VPN services, but not all of them are legit. Some are fakes trying to steal your data.

In the third quarter of 2024, security researchers found that the number of users encountering fake VPN apps jumped 2½ times compared to the second quarter globally. These apps were either malware or programs that could be used by malicious actors.

I’m diving into the rise of fake VPN apps and how you can stay safe.

What you need to know about the surge in fake VPN apps

According to Kaspersky, cybercriminals are taking advantage of people who want to use free VPN services. In May 2024, law enforcement shut down a botnet, a network of hijacked devices, called 911 S5. Several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN, were used to create this botnet.

When users installed these VPN apps, their devices were turned into proxy servers, meaning they were used to redirect someone else’s internet traffic.

This huge network spread across 19 million unique IP addresses in over 190 countries, making it possibly the largest botnet ever created. The people controlling the botnet sold access to these infected devices to other criminals, who used them for cyberattacks, money laundering and fraud.

Don’t trust free VPNs

You can’t trust free VPN apps because they have no reason to keep you or your data safe. Here's why you should be cautious:

Data sharing: Many free VPNs share user data with third parties.

Many free VPNs share user data with third parties. Weak encryption: About 36% of free VPNs use weak encryption, compromising your online security.

About 36% of free VPNs use weak encryption, compromising your online security. Data leaks: Nearly 90% of free VPNs leak some kind of data, with 17% leaking more than they should.

Nearly 90% of free VPNs leak some kind of data, with 17% leaking more than they should. Unreliable connections: More than half of free VPNs have unstable connections.

More than half of free VPNs have unstable connections. Excessive permissions: Almost 70% ask for permissions they shouldn't need, like tracking your location (20%) or checking what apps you have installed (46%).

Why people fall for fake VPNs

There's a growing demand for VPN apps across all platforms, including smartphones and computers. Users often believe that if they find a VPN app in an official store, like Google Play, it's safe to use. They're especially drawn to free services, thinking it's a great deal. However, this can often be a trap.

Choose trusted VPN services for optimal security and privacy

If you need a VPN, stick to a service that’s well-known, trusted and not free. Look for ones that are talked about on mainstream sites and backed by solid reviews. If you’re not sure where to start, I’ve put together a handy list of my favorite VPNs . I’ve tested them myself, and you can trust them to keep your data safe. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices .

7 important tips for choosing and using VPNs

Here are seven essential steps to help you choose a reliable VPN and safeguard your online privacy.

1. Stick to official app stores: Always download apps from trusted platforms like the App Store for iOS or the Google Play Store for Android. These stores have built-in security measures that help detect and remove fake or harmful apps. Avoid downloading apps from random websites or third-party stores, as they are more likely to host malicious software. Even on official stores, check the app’s reviews, ratings and download count to ensure it’s trustworthy.

2. Pay attention to app permissions: Be careful about the permissions you grant to apps during installation. A flashlight app, for example, doesn’t need access to your contacts or location. Question any permission that doesn’t align with the app’s functionality. Both iOS and Android allow you to review and manage app permissions in your settings, so take the time to double-check what you’ve already allowed.

3. Use two-factor authentication (2FA): Implement 2FA for your VPN accounts to add an extra layer of security beyond just a password.

4. Keep software updated: Regularly update all VPN-related software, including clients, servers and associated networking hardware, to benefit from the latest security patches and improvements.

5. Use strong encryption: Look for VPN services that use robust encryption protocols like AES-256 to protect your data.

6. Monitor VPN traffic: Continuously monitor VPN traffic and logs for unusual patterns that might indicate security issues.

7. Invest in strong antivirus software: A strong antivirus program can help detect and remove malware before it compromises your device. Many antivirus apps also come with features like web protection, anti-phishing tools and the ability to scan new apps for threats. While there are free options, premium versions often provide more comprehensive protection. Look for a trusted name in cybersecurity when choosing an antivirus solution. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices .

Kurt’s key takeaway

Fake VPN apps are everywhere, and they’re bad news. They’re not just useless. They can turn your device into a tool for cybercriminals. The 911 S5 botnet showed us just how dangerous free VPNs can be, turning millions of devices into a giant network for fraud and attacks. The truth is free VPNs aren’t really free. They often come with weak security, leak your data or demand permissions that put your privacy at risk. If you’re serious about protecting your online activity, invest in a trusted, paid VPN service.

