Fake Proton VPN extensions slip into Chrome Web Store — here’s how to stay safe
- Fake Proton VPN Extensions Found in Chrome Web Store
- Proton says it reported fake apps to Google three times this year
- Some fake Proton VPN extensions remained active for weeks, Proton warns
Proton has warned that fake Proton VPN extensions have been appearing in Google’s Chrome Web Store, often remaining there for weeks before being removed. The company says it has notified Google at least three times this year.
Despite this, several fake ads reportedly passed store review checks and remained online long enough to put users at risk. Proton says the withdrawal process is too slow and delays of weeks are unacceptable when malware exploits the name of a trusted provider.
The incident shows that even official browser stores are not foolproof. As we have previously reported, such as in our coverage of a Chrome VPN extension found spying on over 100,000 users, malicious tools can and do find their way into legitimate markets – a major risk when users think they’re installing one of the best VPN apps instead.
What happened and why Proton is concerned
Proton claims that attackers created fake browser extensions using its name and branding to trick users into installing malware.
The goal was to steal login credentials, access sensitive user data, and potentially monitor browsing activity while impersonating a legitimate user. virtual private network (VPN) tool.
Since the start of the year, we’ve notified @Google about fake Proton VPN extensions in their Chrome Web Store not once, but three times. Malicious actors exploit this because Google takes several weeks to act, putting users at risk. Here’s how:🧵1/5 pic.twitter.com/5rRCRxqzHJFebruary 19, 2026
According to the company, several fake extensions from unverified developers who passed Google’s checks appeared in the Chrome Web Store. Even after Proton reported them, some would have remained alive for weeks.
Two of these fake Proton VPN apps specifically targeted the Russian market, as the demand for reliable and secure VPNs among residents has never been higher.
Proton criticized what it described as “slow and ineffective” moderation, arguing that “every minute these fakes remain online poses a security risk to hundreds of thousands of people.”
Risks to Users: Spyware Hidden in Plain Sight
The danger of fake extensions like this is that they often operate with broad permissions. A malicious tool masquerading as Proton VPN can steal login credentials, access your sensitive account details, and monitor internet traffic. This level of access opens the door to comprehensive browsing monitoring, traffic interception and large-scale detection. metadata collection.
This is part of a larger pattern that we follow. From typosquatting campaigns (similar websites trick users into installing malware) to investigations revealing VPN apps with hidden proprietary links or spyware behavior, the ecosystem isn’t always as trustworthy as it seems.
A careful check is your best defense
Obviously, being listed in an official browser store does not automatically make an extension legitimate.
Attackers often exploit branded searches, knowing that users will type trusted names like “Proton VPN” directly into the store and trust the first result that looks legitimate.
Ultimately, this fake Proton VPN extension saga reflects past incidents in which VPN apps turned out to be spyware in disguise – a reminder that even official stores can be exploited.
How to protect yourself: trust, but verify
Proton’s advice to best protect yourself is simple: start with the official source. Rather than searching for Proton VPN in the Chrome Web Store, go directly to the supplier’s website – in this case, proton.me – and use the official download links.
If you view a list of stores, check that the publisher is “Proton AG”, confirm it refers to the official website, and carefully review permissions he asks. Be wary of VPN browser extensions that request broad access, such as the ability to read and modify all website data. If you spot a suspicious ad, report it.
As a general rule, remember: app stores are still useful, but they’re not perfect. As brand impersonation becomes more sophisticated, it is increasingly important to double check what you install. Proton says stronger moderation is expected – but until then, careful vetting is your best defense.
