Cybersecurity Alert: Dangerous Malware Spreading Rapidly, Disguised as Free VPN
Cybersecurity experts are noting a disturbing trend: malicious software designed to steal data and commit financial fraud is actively spreading under the guise of free Virtual Private Network (VPN) services.
The New Threat: Klopatra Botnet and the "Fake" VPN
Cleafy, a cybersecurity firm, has issued an alert regarding the rapid proliferation of the Klopatra malware. This malicious program cunningly disguises itself as Mobdro Pro IP, a seemingly free VPN application. The Klopatra botnet, which utilizes infected devices, has currently exceeded 3,000 nodes, with the majority concentrated in Spain and Italy.
The surge in such malicious software is no accident. Increased government control over personal data in various countries is pushing people to seek out tools for anonymity, making free VPNs an easy target for threat actors. In Spain, for instance, the previously popular Mobdro app was blocked by the government, and Klopatra is now using its name to deceive users, despite having no affiliation with the original service.
The criminals behind Klopatra heavily rely on social engineering, playing on users' fears and promising "privacy protection." Under this pretense, the malware tricks victims into granting the application extensive permissions. The objective is to gain control over Accessibility Services, allowing it to impersonate the user, log into banking apps, drain accounts, and enlist the infected gadget into the botnet for future attacks. Furthermore, the malware authors exploit users' desire to bypass legal restrictions, offering fake protection for quasi-legal activities, such as paying for services officially restricted in their home countries.
Beyond Klopatra: Vectors of Threat Multiply
Klopatra is not an isolated case. Last year, several other popular free VPN services were exploited as vectors for malware distribution, including MaskVPN, PaladinVPN, ShineVPN, ShieldVPN, DewVPN, and ProxyGate. The speed at which new, unverified VPN tools appear on online stores and platforms creates a fertile ground for device infection.
Fresh Data: The Dangers of Free VPNs and Scams in 2024–2025
In addition to the direct installation of malware, experts highlight that using free VPNs carries several other serious risks that have been widely reported in 2024–2025:
1. Selling User Data and Lack of Privacy.
The core risk is monetization: free services must generate revenue somehow. This is often achieved by collecting and selling vast amounts of user data, including browsing history and even personal information, to large analytics or advertising companies. Essentially, the "free" VPN becomes a tool for total surveillance rather than protection.
2. Involvement in Botnets and Proxy Networks.
The most significant case in 2024 was the 911 S5 botnet. An international operation led by the U.S. Department of Justice shut down one of the largest botnets in history. The criminals used millions of computers across 190 countries, including those whose owners used "free" VPN/proxy services, to execute large-scale cyberattacks, financial fraud, and money laundering. Unsuspecting users' devices were being weaponized for crime.
3. Ad Injection and Phishing Threats.
Many free VPNs inject their own advertising banners directly into the "encrypted tunnel." Clicking such an ad can lead to fraudulent schemes, the download of viral or spyware, or redirection to phishing pages.
4. IP Leakage and Connection Drops.
Free services often suffer from unstable connections, leading to periodic VPN connection drops. During these moments, traffic can momentarily exit into the public network, exposing the user's real IP address and other data (known as an "IP leak" or DNS leak).
Free VPNs are consistently found to be "black boxes" that pose significant risks to users. These services often carry a high probability of hidden threats, which include the sale of your personal data, ad injection, and the terrifying possibility of your device being weaponized for global cybercrime schemes.
