Browser extensions promise convenience, but some take far more than they give. A new report from Koi Security says that FreeVPN.One, a Chrome extension with more than 100,000 installs and even a “Featured” badge, has been secretly taking screenshots of users’ browsing sessions.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER
HOW AI IS NOW HELPING HACKERS FOOL YOUR BROWSER’S SECURITY TOOLS
Google Chrome extension FreeVPN.One has allegedly taken screenshots of users’ sensitive information. (Kurt "CyberGuy" Knutsson)
How FreeVPN.One secretly captured your browsing
Once installed, FreeVPN.One didn’t just handle VPN traffic. It silently captured screenshots of every website you visited, bank logins, private photos, sensitive documents, and sent them to servers controlled by the developer.
Even worse, the extension added permissions step by step, disguising its activity as “AI Threat Detection.” What looked like a useful feature became a tool for constant background surveillance.
Why this Chrome extension threat is so dangerous
People install VPNs to protect their privacy. Instead, this extension flipped that expectation on its head. By using Chrome’s <all_urls> and scripting permissions, FreeVPN.One gained access to every page you opened.
Koi Security researchers tested the extension and confirmed it captured screenshots even on trusted sites like Google Photos and Google Sheets. The developer claimed these images were not stored, but offered no proof.
MALICIOUS BROWSER EXTENSIONS CAUGHT SPYING ON 2 MILLION USERS
The screenshots were allegedly sent to the extension’s developer. (Kurt "CyberGuy" Knutsson)
Warning signs of unsafe free VPN extensions
There were red flags all along:
- Awkward grammar and poorly written descriptions.
- A generic Wix page as the only developer “contact.”
- A promise of unlimited, free VPN service with no clear business model.
While some free VPNs may work responsibly, most need a way to profit. If it isn’t by charging you, it may be by selling your data.
FreeVPN.One developer’s response and Google’s removal
When Koi Security published its findings, the developer behind FreeVPN.One offered a partial explanation. He claimed the automatic screenshot captures were part of a “Background Scanning” feature, intended only for suspicious domains. He also said the images weren’t stored, only briefly analyzed for threats.
But researchers observed screenshots taken on trusted sites like Google Photos and Google Sheets, which don’t fit that explanation. When asked to provide proof of legitimacy, such as a company profile, GitHub repository, or professional contact, the developer stopped responding. The only public link tied to the extension led to a basic Wix starter page.
FreeVPN.One has been removed from the Chrome Web Store. Attempts to visit its page now return the message: “This item is not available.”
While the removal reduces the risk of new downloads, it also highlights a troubling gap. The extension spent months with spyware behavior while still carrying a verified label, raising questions about how thoroughly Chrome reviews updates to featured extensions.
GOOGLE FIXES ANOTHER CHROME SECURITY FLAW BEING ACTIVELY EXPLOITED
FreeVPN.one is not available in the Microsoft Edge store (Koi Security)
Steps to protect yourself from VPN extension spyware
If you’ve installed FreeVPN.One or any suspicious Chrome VPN extension, take these steps if you are concerned for your cybersecurity:
1) Uninstall immediately
Go to Chrome > Window > Extensions and click remove.
2) Use a trusted VPN
Stick to reliable VPN providers that have proven track records, audited policies, and transparent operations. By choosing a legitimate VPN, you take control of your privacy instead of handing it over to an anonymous developer. A reliable VPN is also essential for protecting your online privacy and ensuring a secure, high-speed connection.
For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com/VPN
3) Scan your device with strong antivirus software
Run a trusted antivirus tool to check for hidden malware. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech
4) Change your passwords
Assume anything typed or viewed could have been logged. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.
Next, see if your passwords have been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords
5) Use a personal data removal service
Extensions like FreeVPN.One show how easily your private details can be collected and exploited. Even after uninstalling spyware, your personal information may already be circulating on data broker sites that sell your identity to marketers, scammers, and even cybercriminals. A personal data removal service can scan for your information across hundreds of broker sites and automatically request its removal. This limits how much of your data can be weaponized if it’s ever exposed through an extension like this.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan
6) Check permissions
Before adding any extension, review what it requests. If a VPN wants access to “all websites,” that’s a red flag.
CLICK HERE TO GET THE FOX NEWS APP
Kurt’s key takeaways
FreeVPN.One is a reminder that “free” often comes at a hidden cost; your data. Don’t assume an extension is safe just because it looks popular or carries a badge. Be critical, vet carefully, and use privacy tools backed by real companies.
Would you trade your browsing privacy for a free tool, or is it time to rethink the cost of “free”? Let us know by writing to us at Cyberguy.com/Contact
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER
Copyright 2025 CyberGuy.com. All rights reserved.