- Researchers found “VPN Go” extensions for Chrome and Firefox secretly collecting copied text
- The clipboard theft was not present at launch and came via a later update.
- Anything that was copied while the extension was active should now be treated as exposed.
Socket security researchers found two browser extensions distributed under the brand name “VPN Go: Free VPN”, one included in the Chrome Web Store and another in Firefox add-ons, to secretly collect copied text.
Both present themselves as free VPN tools with working proxy features. Underneath, Socket says, both also run a clipboard stealer that continually watches the copied text and sends it to the infrastructure controlled by the attacker.
According to Socket, clipboard theft was not present when the extensions first appeared. It was added later, via a normal appearance update, after the extensions had already built a base of trusting users. That staged approach is exactly what makes this type of threat so difficult to detect, and why even a fairly cautious user can end up exposed.
For anyone weighing a no-cost privacy tool, it’s worth knowing that not all free options behave this way, and the best VPN services are tested precisely so you don’t have to take these kinds of gambles. But this case shows how thin the line can be between a useful free extension and one that collects data.
What Socket research discovered
Socket says that the first builds analyzed behaved like ordinary proxy extensions, with no confirmed clipboard theft.
In Chrome, that changed with version 1.1, when the extension added a script that reads the clipboard and sends those fragments to an encrypted address. The Firefox version followed the same path a little later, moving the same stealing loop to its background script.
Once active, monitoring is relentless. Chrome’s content script checks the clipboard about every half a second, according to Socket’s analysis, while the Firefox build polls every 1.5 seconds.
Each newly copied value is tagged with a session identifier so it can be reassembled at the other end and then sent over plain HTTP. All of this was happening while the two apps’ privacy policies stated that the tools did not collect, store or share user data and did not maintain activity logs.
TechRadar contacted VPN Go for comment, but both email addresses bounced and both extensions have since been removed from their stores.
Why clipboard stealers are dangerous to users
The reason clipboard theft is so effective is that it abuses something completely routine. People copy and paste sensitive information all day long and it is not careless to do so. Password managers rely on exactly that: copying long, unique passwords to your accounts.
An extension that can silently read the clipboard has access to all this information; You just have to wait for it to copy the right thing. If you have used either of the two extensions in question, you should treat any data you copied during that time as exposed.
Researchers have repeatedly found that free VPN extensions do things that their users never agreed to. Recent reports have covered a free Chrome VPN extension that was caught taking screenshots of every page its users visited, and a malicious free VPN extension that resurfaced after being removed, returning in a more evasive form.
The pattern is consistent enough that it’s worth treating any unknown free VPN extension with caution by default. That caution is important: TechRadar’s own survey found that nearly 1 in 4 readers use free VPNs despite knowing the risks.
How to stay safe
If you want the protection that a VPN offers without rolling the dice, opt for providers with a track record and independent testing to back them up.
A reputable paid service, or one of the carefully vetted best free VPN options, is a much safer bet than an unknown extension that promises unlimited access for nothing. As the saying goes, when the product is free, there is a good chance that you are the product.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!




