- A free Chrome extension misused CyberGhost’s free servers
- BiuBiu VPN was stealing CyberGhost resources to host its app
- CyberGhost confirmed that no user data had been compromised
A free VPN Chrome extension with 20 million users has been found to be abusing CyberGhost resources.
TechRadar’s lead security reviewer, Mike Williams, discovered that the Chrome extension called “BiuBiu VPN – The Website Unblocker” was stealing CyberGhost’s free servers to host its app.
CyberGhost told TechRadar that the extension had been abusing its legacy service, which was designed to give people a free, public proxy service. A CyberGhost spokesperson confirmed that no user data was accessed, stating: “No existing CyberGhost users (or their accounts) were affected or compromised in any way.”
How BiuBiu VPN stole CyberGhost servers
Williams discovered anomalies in the BiuBiu VPN app while investigating the security of some Chrome extensions.
So he decided to take a closer look at the app. After performing a network scan and analyzing the extension’s source code, he discovered that it covertly connected the user to CyberGhost’s servers.
Williams said: “This is not a direct threat to users; the extension worked as advertised. But there is potential for fraud.”
Image 1 of 3
CyberGhost later told TechRadar that the incident involved the misuse of servers linked to its legacy free service.
The company said it was unfortunate that some people and organizations had “taken advantage” of the free product, adding that its security team is now “actively involved” in removing the extension.
CyberGhost engineers are working to migrate the free proxy service to a more robust, abuse-resistant platform to ensure more bandwidth is available for legitimate users. “The new setup will remain free and private for legitimate users, but will require registration to prevent misuse,” CyberGhost said.
BiuBiu VPN’s answer
In response to our questions, a spokesperson for PreppHint, the developer behind the VPN extension, told TechRadar that it would be discontinuing the app immediately.
“We have made the decision to permanently discontinue the BiuBiu VPN extension. It has been removed from the Chrome Web Store effective immediately,” the developer said.
BiuBiu VPN is not the first to take advantage of free VPN resources. Last year, another free VPN app for Android with over 1 million downloads, JetVPN, was found to be using stolen free servers owned by Windscribe and Private Internet Access.
Like BiuBiU, JetVPN was quick to remove its app from the web store, despite saying that the company “never made any intentional or unauthorized use” of third-party infrastructure.
The biggest risk of free VPN apps
The risks of using free VPN apps are becoming increasingly known.
“When you install one, you have no idea what servers are handling your connections,” Williams said. “CyberGhost’s VPN servers are a safe option, but you could have also used some Chinese traffic logging servers.”
Not all free VPN apps are malicious, but running a virtual private network (VPN) infrastructure costs money. This means there may be an incentive for developers to monetize your data with tracking technology and intrusive ads, while others choose to steal resources from reputable VPN providers rather than create their own.
If you are looking for a secure VPN app but don’t want to invest in a subscription, check out our page for the best free VPN apps available. These services make money by selling premium subscriptions instead of misusing your data. However, keep in mind that all of them have some limitations.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
