Fake Proton VPN extensions slip into Chrome Web Store — here’s how to stay safe

News
By published

Malicious extensions impersonating Proton VPN passed Google’s checks and stayed live for weeks

In this photo illustration, a silhouetted woman holds a smartphone with the Google Chrome logo displayed on the screen.
(Image credit: Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)
  • Proton fake VPN extensions found in the Chrome Web Store
  • Proton says it reported fake apps to Google three times this year
  • Some Proton fake VPN extensions stayed live for weeks, warns Proton

Proton has warned that fake Proton VPN extensions have appeared in Google’s Chrome Web Store, often staying there for weeks before being removed. The company says it has notified Google at least three times just this year.

Despite this, multiple fake listings reportedly passed store review checks and remained live long enough to put users at risk. Proton says the takedown process is too slow, and that delays of several weeks are unacceptable when malicious software is exploiting a trusted provider's name.

The incident shows that even official browser stores aren’t infallible. As we’ve previously reported, such as in our coverage of a Chrome VPN extension found spying on over 100,000 users, malicious tools can and do make their way into legitimate marketplaces — a major risk when users believe to be installing one of the best VPN apps instead.

What happened, and why Proton is concerned

Proton says attackers created fake browser extensions using its name and branding to trick users into installing malicious software.

The goal was to steal login credentials, access sensitive user data, and potentially monitor browsing activity while impersonating a legitimate virtual private network (VPN) tool.

According to the company, multiple fake extensions from unverified developers that passed Google’s checks appeared in the Chrome Web Store. Even after Proton reported them, some allegedly remained live for weeks.

Two of these fake Proton VPN apps specifically targeted the Russian market, as the demand for reliable and secure VPNs among residents has never been higher.

Proton has criticized what it describes as "slow and ineffective" moderation, arguing that "every minute these fakes remain online is a security risk for hundreds of thousands of people."

The risks for users: spyware hiding in plain sight

The danger with fake extensions like this one is that they often operate with sweeping permissions. A malicious tool pretending to be Proton VPN can steal login credentials, access your sensitive account details, and monitor internet traffic. This level of access opens the door to full browsing surveillance, traffic interception, and large-scale metadata collection.

This is part of a broader pattern we've been tracking. From typosquatting campaigns — lookalike websites trick users into installing malware — to investigations uncovering VPN apps with hidden ownership links or spyware behavior, the ecosystem isn't always as trustworthy as it seems.

Careful verification is your best defence

Clearly, being listed in an official browser store doesn’t automatically make an extension legitimate.

Attackers often exploit brand searches, knowing that users will type in trusted names like "Proton VPN" directly into the store and trust the first result that appears legitimate.

Ultimately, this fake Proton VPN extension saga mirrors past incidents where VPN apps were later found to be spyware in disguise — a reminder that even official stores can be exploited.

How to protect yourself: trust, but verify

Proton’s advice on how best to protect yourself is simple: start from the official source. Rather than searching the Chrome Web Store for Proton VPN, go directly to the provider’s website — in this case, proton.me — and use the official download links.

If you do check a store listing, verify that the publisher is "Proton AG," confirm it links back to the official website, and carefully go over the permissions it requests. Be cautious of VPN browser extensions asking for broad access, such as being able to read and change all website data. If you spot a suspicious listing, report it.

As a rule of thumb, remember — app stores remain useful, but they’re not flawless. As brand impersonation grows more sophisticated, it’s increasingly important to double-check what you install. Proton says stronger moderation is overdue — but until then, careful verification is your best defence.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Monica J. White
Monica J. White
Contributing Writer

Monica is a tech journalist with over a decade of experience. She writes about the latest developments in computing, which means anything from computer chips made out of paper to cutting-edge desktop processors.

GPUs are her main area of interest, and nothing thrills her quite like that time every couple of years when new graphics cards hit the market.

She built her first PC nearly 20 years ago, and dozens of builds later, she’s always planning out her next build (or helping her friends with theirs). During her career, Monica has written for many tech-centric outlets, including Digital Trends, SlashGear, WePC, and Tom’s Hardware.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.