One of the Most Popular Free VPN Tools Secretly Took Continuous Screenshots of Users’ Screens

⬤ FreeVPN.One extension covertly captured screenshots of every webpage visited, sending them to remote servers along with user identifiers.
⬤ Even when disabled, the feature continued collecting and transmitting screenshots, exposing users to constant background monitoring.
⬤ After Koi Security confronted the developer, all communication ceased, and Google permanently banned the extension from the Chrome Web Store.
Using free software or online services without a trusted open-source foundation often demands a high level of user trust. In the case of FreeVPN.One, that trust was ultimately betrayed.
A new report from cybersecurity firm Koi Security has revealed that the FreeVPN.One Chrome extension, which had more than 100,000 users, secretly captured continuous screenshots of users’ activity without their knowledge. The extension had long promoted itself as a privacy and anti-tracking tool, but in reality, it was doing the exact opposite.
According to Koi’s findings, FreeVPN.One functioned as a fully-fledged surveillance tool rather than a simple security risk. Although the developer claimed not to collect personal data, the software silently took screenshots of every webpage visited, seconds after it was loaded. These images were then transmitted to remote servers along with the page URL, browser tab ID, and a unique user identifier, all without consent.
The extension also featured an option called “AI Threat Detection,” which ostensibly analyzed screenshots for malicious content. However, Koi discovered that the extension continued capturing and sending screenshots in the background even when this feature was inactive.
In addition, the extension demanded excessive permissions, including access to browser settings, open tabs, and full browsing history. This allowed it to gather comprehensive data about user behavior. When Koi Security contacted the developer to verify their identity and credentials, all communication abruptly ceased, and the individual disappeared from public view.
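A defender's check for the permission pattern described above, as an added example that is not from Koi Security's report or the extension's own code: it reads a Chrome extension's parsed manifest.json and flags the access categories the article names. The mapping to Chrome permission strings and the sample manifest are this example's assumptions.

```python
import json

# Article's data categories mapped to Chrome permission strings. The mapping
# is this example's assumption, not a list taken from Koi Security's report.
CATEGORY_PERMISSIONS = {
    "browser settings": {"proxy", "privacy", "contentSettings"},
    "open tabs": {"tabs"},
    "browsing history": {"history"},
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (a dict)."""
    # Skip non-string entries so unusual manifests do not crash the audit.
    api_perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists hosts separately; V2 mixes them into "permissions".
    hosts = set(manifest.get("host_permissions", [])) | api_perms
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))

    findings = []
    for category, names in CATEGORY_PERMISSIONS.items():
        hit = sorted(api_perms & names)
        if hit:
            findings.append(f"{category}: {', '.join(hit)}")
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append(f"all-site access: {', '.join(broad)}")
    # chrome.tabs.captureVisibleTab requires <all_urls> or activeTab; with
    # <all_urls> no user gesture is needed, so any loaded page can be captured.
    if "<all_urls>" in hosts:
        findings.append("can screenshot the visible tab on any site")
    return sorted(findings)


# Constructed sample manifest, not the real FreeVPN.One manifest.
SAMPLE = json.loads("""
{
  "manifest_version": 3,
  "name": "Example VPN (constructed)",
  "permissions": ["proxy", "tabs", "history", "storage", "scripting"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*"], "js": ["cs.js"]}]
}
""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```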
The findings came as a shock to many users who had installed FreeVPN.One to protect their privacy. Following the report, Google removed the malicious extension from the Chrome Web Store entirely.
The incident serves as a stark reminder that when it comes to privacy and security, “free” often comes at a higher cost than users expect.