Technology
Malicious apps posing as VPNs can turn your device into a tool for cyberattacks
Virtual private networks (VPNs) are important if you care about your data and privacy. They create a secure, encrypted connection between your device and the internet, hiding your IP address and protecting your online activity.
There are tons of apps out there that claim to offer VPN services, but not all of them are legit. Some are fakes trying to steal your data.
In the third quarter of 2024, security researchers found that the number of users encountering fake VPN apps jumped 2½ times compared to the second quarter globally. These apps were either malware or programs that could be used by malicious actors.
I’m diving into the rise of fake VPN apps and how you can stay safe.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
A VPN on a cellphone (Kurt “CyberGuy” Knutsson)
What you need to know about the surge in fake VPN apps
According to Kaspersky, cybercriminals are taking advantage of people who want to use free VPN services. In May 2024, law enforcement shut down a botnet, a network of hijacked devices, called 911 S5. Several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN, were used to create this botnet.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
When users installed these VPN apps, their devices were turned into proxy servers, meaning they were used to redirect someone else’s internet traffic.
This huge network spread across 19 million unique IP addresses in over 190 countries, making it possibly the largest botnet ever created. The people controlling the botnet sold access to these infected devices to other criminals, who used them for cyberattacks, money laundering and fraud.
A VPN on a laptop (Kurt “CyberGuy” Knutsson)
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Don’t trust free VPNs
You can’t trust free VPN apps because they have no reason to keep you or your data safe. Here’s why you should be cautious:
- Data sharing: Many free VPNs share user data with third parties.
- Weak encryption: About 36% of free VPNs use weak encryption, compromising your online security.
- Data leaks: Nearly 90% of free VPNs leak some kind of data, with 17% leaking more than they should.
- Unreliable connections: More than half of free VPNs have unstable connections.
- Excessive permissions: Almost 70% ask for permissions they shouldn’t need, like tracking your location (20%) or checking what apps you have installed (46%).
Why people fall for fake VPNs
There’s a growing demand for VPN apps across all platforms, including smartphones and computers. Users often believe that if they find a VPN app in an official store, like Google Play, it’s safe to use. They’re especially drawn to free services, thinking it’s a great deal. However, this can often be a trap.
MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS
Choose trusted VPN services for optimal security and privacy
If you need a VPN, stick to a service that’s well-known, trusted and not free. Look for ones that are talked about on mainstream sites and backed by solid reviews. If you’re not sure where to start, I’ve put together a handy list of my favorite VPNs. I’ve tested them myself, and you can trust them to keep your data safe. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
A woman looking at a VPN app on her phone (Kurt “CyberGuy” Knutsson)
UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF
7 important tips for choosing and using VPNs
Here are seven essential steps to help you choose a reliable VPN and safeguard your online privacy.
1. Stick to official app stores: Always download apps from trusted platforms like the App Store for iOS or the Google Play Store for Android. These stores have built-in security measures that help detect and remove fake or harmful apps. Avoid downloading apps from random websites or third-party stores, as they are more likely to host malicious software. Even on official stores, check the app’s reviews, ratings and download count to ensure it’s trustworthy.
2. Pay attention to app permissions: Be careful about the permissions you grant to apps during installation. A flashlight app, for example, doesn’t need access to your contacts or location. Question any permission that doesn’t align with the app’s functionality. Both iOS and Android allow you to review and manage app permissions in your settings, so take the time to double-check what you’ve already allowed.
3. Use two-factor authentication (2FA): Implement 2FA for your VPN accounts to add an extra layer of security beyond just a password.
4. Keep software updated: Regularly update all VPN-related software, including clients, servers and associated networking hardware, to benefit from the latest security patches and improvements.
5. Use strong encryption: Look for VPN services that use robust encryption protocols like AES-256 to protect your data.
6. Monitor VPN traffic: Continuously monitor VPN traffic and logs for unusual patterns that might indicate security issues.
7. Invest in strong antivirus software: A strong antivirus program can help detect and remove malware before it compromises your device. Many antivirus apps also come with features like web protection, anti-phishing tools and the ability to scan new apps for threats. While there are free options, premium versions often provide more comprehensive protection. Look for a trusted name in cybersecurity when choosing an antivirus solution. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
Kurt’s key takeaway
Fake VPN apps are everywhere, and they’re bad news. They’re not just useless. They can turn your device into a tool for cybercriminals. The 911 S5 botnet showed us just how dangerous free VPNs can be, turning millions of devices into a giant network for fraud and attacks. The truth is free VPNs aren’t really free. They often come with weak security, leak your data or demand permissions that put your privacy at risk. If you’re serious about protecting your online activity, invest in a trusted, paid VPN service.
How often do you check the credibility of apps you download? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25070059/DSCF9169.jpg "Nvidia is bringing a native GeForce Now app to Steam Deck")
Nvidia plans to release a native GeForce Now app for Steam Deck “later this year,” according to a blog post. It’s already relatively straightforward to get Nvidia’s cloud gaming service set up on Steam Deck thanks to a special script from Nvidia, but a native app should be easier to install and will support up to 4K resolution and 60 fps with HDR when connected to a TV.
Nvidia also plans to bring GeForce Now to some major VR headsets later this month, including the Apple Vision Pro, Meta Quest 3 and 3S, and Pico “virtual- and mixed-reality devices.” When GeForce Now version 2.0.70 is available, people using those headsets will be able to access an “extensive library of games” they can stream by visiting play.geforcenow.com in their browser.
The company also says that two major titles from Microsoft will be available on GeForce Now when they come out this year: Avowed, which launches February 18th, and DOOM: The Dark Ages, which is set to be available sometime this year.
Technology
Turo rentals emerge as common thread in Las Vegas Cybertruck and New Orleans deadly incidents
In the early hours of Jan. 1, 2025, two horrific attacks shook the nation, raising serious questions about car-sharing platform security and potential terrorism links. In Las Vegas, a Tesla Cybertruck exploded outside the Trump International Hotel, killing the driver and injuring seven others.
Meanwhile, in New Orleans, a pickup truck, later identified as a Ford F-150, plowed into crowds on Bourbon Street, resulting in at least 15 fatalities and dozens of injuries.
Both vehicles were rented through Turo, a peer-to-peer car-sharing platform, sparking intense scrutiny of the company’s operations and security measures.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Image from Turo website (Turo)
The Las Vegas incident
At approximately 8:40 a.m. PT on Jan. 1, 2025, a Tesla Cybertruck pulled up to the valet area of the Trump International Hotel in Las Vegas. Within 15 to 20 seconds, the vehicle exploded, killing the driver and injuring seven bystanders. Investigators discovered that the Cybertruck was packed with firework mortars and camp fuel canisters.
The FBI is investigating the incident as a potential act of terrorism. Tesla CEO Elon Musk claimed on social media that the explosion was caused by large fireworks or a bomb in the bed of the Cybertruck and was unrelated to the vehicle itself.
The New Orleans attack
In the early hours of New Year’s Day, a pickup truck, later identified as a Ford F-150, rammed through police barricades on Bourbon Street in New Orleans’ French Quarter. The driver, identified as 42-year-old Shamsud-Din Jabbar, an Army veteran from Texas, mowed down pedestrians over a three-block stretch while firing into the crowd.
The attack resulted in at least 15 deaths and dozens of injuries. Jabbar was killed in a subsequent shootout with police. The FBI is treating this incident as an act of terrorism, noting that an Islamic State flag was found on the vehicle and improvised explosive devices were discovered inside.
The Turo connection to both incidents
Both vehicles used in these incidents were rented through Turo, a peer-to-peer car-sharing platform. This connection has raised significant questions about the company’s security measures and screening processes.
What is Turo?
Turo is a peer-to-peer car-sharing platform that connects vehicle owners with people looking to rent cars. Often described as the “Airbnb for cars,” Turo allows individuals to list their personal vehicles for rent, providing an alternative to traditional car rental companies.
Founded in 2010 as RelayRides and rebranded to Turo in 2015, the company has grown into an international vehicle-sharing marketplace with more than 14 million users worldwide. Turo is available in more than 16,000 cities across the U.S., U.K., Canada, Australia and France.
Image from Turo website (Turo)
BEST CAR ACCESSORIES
How does Turo work?
The Turo process is straightforward:
- Listing: Car owners list their vehicles on the Turo platform, including details like make, model, price and availability.
- Booking: Renters search for available cars in their desired location and dates, then book directly through the Turo website or app.
- Verification: Both car owners and renters must verify their identities through the platform.
- Pick-up: Renters meet the car owner to pick up the vehicle or arrange for contactless check-in.
- Return: At the end of the rental period, the renter returns the car to the owner.
Turo handles payments and insurance options and provides customer support throughout the process.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
Image from Turo website (Turo)
HOW YOUR CAR MIGHT BE SELLING YOU OUT TO INSURERS
Turo’s security measures and response
In light of the recent incidents, Turo’s security measures have come under intense scrutiny. The company’s current screening process includes:
- Identity verification
- Background checks (though the specific extent of these checks is not clear)
Turo requires users to upload a valid driver’s license to the app to be cleared for use. In some instances, Turo may collect additional identity verification information such as photographs or scanned copies of driver’s licenses, passports or other forms of identification.
The company has stated that they were “devastated” by the recent events and that their trust and safety team is actively cooperating with law enforcement. Importantly, Turo said in a statement to CyberGuy, “We do not believe that either renter had a criminal background that would have identified them as a security threat, and we are not currently aware of any information that indicates the two incidents are related.”
HOW TO PREVENT YOUR CAR FROM GETTING STOLEN
Regulatory landscape for peer-to-peer car-sharing platforms
The regulatory landscape for peer-to-peer car-sharing platforms like Turo is in a state of flux, with at least 13 states having enacted laws specifically governing this industry, distinct from regulations applied to traditional car rental companies.
Turo has been proactive in advocating for additional regulations in various states to establish clearer operational guidelines. A significant development occurred in 2022 when New York Gov. Kathy Hochul signed SB 6715 into law, providing a comprehensive regulatory framework for peer-to-peer car-sharing operations in the state. This legislation aims to expand transportation options and create economic opportunities for New Yorkers while addressing safety and insurance concerns.
Kurt’s key takeaways
These tragic events have highlighted potential vulnerabilities in the peer-to-peer car-sharing model. As investigations into these incidents continue, it’s likely that there will be increased scrutiny of Turo’s operations and security measures. The car-sharing industry may face calls for stricter regulations and enhanced screening processes. Turo and similar platforms might need to reevaluate and strengthen their security protocols to prevent such incidents in the future.
What are your thoughts on the safety and regulatory measures of peer-to-peer car-sharing platforms like Turo, and should there be stricter screening processes for renters and vehicles to prevent potential misuse or criminal activities? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25820156/.jpg "NBC’s Grimm series is being reborn as a Peacock movie")
Between Nosferatu and Wolf Man, it feels like Hollywood has come back around on good, old fashioned monster movies. And it seems like Peacock wants in on the action with a feature-length reboot of the long-dead Grimm series.
Variety reports that Peacock is moving forward with a new film based on Grimm, Stephen Carpenter, Jim Kouf, and David Greenwalt’s 2011 series about a Portland cop who discovers that he’s one of the chosen few meant to defend humanity from monsters. Josh Berman (Drop Dead Diva) is attached to write the movie as well as co-executive produce with Kouf and Greenwalt.
In its original run, Grimm ran for six seasons that saw Detective Nick Burkhardt (David Giuntoli) become a formidable Grimm (the show’s lingo for monster hunters) alongside his human partner Hank Griffin (Russell Hornsby) and werewolf ally Munroe (Silas Weir Mitchell). Peacock has yet to announce details about the movie’s plot or whether any members of Grimm’s original cast members might return. But given that this isn’t the first time NBC has flirted with the idea of resurrecting the IP, it feels pretty safe to say this time around, Grimm’s definitely coming back to the small screen.
Only 1 in 4 young adults got financial education at school, study shows
What is reformer pilates? And is it worth the cost?
‘How to Make Millions Before Grandma Dies’ Review: Thai Oscar Entry Is a Disarmingly Sentimental Tear-Jerker
A Year of Self-Care: Daily Practices and Inspiration for Caring for Yourself (A Year of Daily Reflections)
The next round of bitter cold and snow will hit the southern US
Colorado Rockies game no. 116 thread: Zac Gallen vs José Ureña
Why Marjorie Taylor Greene was ‘kicked out’ of the Freedom Caucus according to Rep. Buck
See it: Tesla crashes into Columbus convention center at 70 mph
Fox News Politics: Georgia the whole day through
Death of missing Oregon girl found in stream ruled homicide
Defense Lawyers Seek to Block Special Counsel Report in Trump Documents Case
President Biden, first lady attend memorial service for Bourbon Street attack victims in New Orleans
Urgent patients face more than nine hour wait periods in Portugal
Rudy Giuliani is held in contempt of court in $148 million defamation case
Minneapolis Promises Police Overhaul in Deal With Justice Department
-
Health1 week agoNew Year life lessons from country star: 'Never forget where you came from'
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/24982514/Quest_3_dock.jpg "Meta’s ‘software update issue’ has been breaking Quest headsets for weeks")
Technology1 week agoMeta’s ‘software update issue’ has been breaking Quest headsets for weeks
-
Business6 days agoThese are the top 7 issues facing the struggling restaurant industry in 2025
-
Culture6 days agoThe 25 worst losses in college football history, including Baylor’s 2024 entry at Colorado
-
Sports6 days agoThe top out-of-contract players available as free transfers: Kimmich, De Bruyne, Van Dijk…
-
Politics4 days agoNew Orleans attacker had 'remote detonator' for explosives in French Quarter, Biden says
-
Politics4 days agoCarter's judicial picks reshaped the federal bench across the country
-
Politics2 days agoWho Are the Recipients of the Presidential Medal of Freedom?