- The malicious group VExtrio Viper developed and shared a large number of false applications through legitimate application stores, reveals a new research
- Malicious applications include VPN, advertisement blockers, RAM cleaners and even online dating services
- Vextrio Viper uses traffic distribution systems (TDS) to disseminate malware and other online scams since 2015
It doesn’t matter if you download your VPN application through Google Play or Apple App Store, there is still the possibility that it can be a malicious application developed by Vextrio Viper.
In an extensive report, InfobloxMed Intel researchers revealed how the fraudulent Adtech group published a range of applications in official application stores, from virtual private networks (VPN) and advertisement blockers to RAM cleansing and even online dating services.
It is believed that it has been active since 2015, Vextrio is a complex criminal company that involves several companies and uses traffic distribution systems (TDS) to disseminate malware and other online scams.
At least seven security applications affected
“They launched applications under several developer names, including Holacode, Locomind, Hugmi, Klover Group and Alphascale Media. […] Available in Google Play and Apple stores, millions of times together have been downloaded, “reportlox told Hacker News.
Specifically, Locomind has developed at least seven applications that offer security tools, which in 2024 claimed more than 500,000 downloads and 50,000 active users for their applications.
These include several VPN services, such as VPN fast: Super Proxy and other public services applications, such as RAM cleaners.
Once users have installed these applications on their devices, they are bombarded with intrusive ads and are asked to register for deceptive subscriptions.
Intel Intel Infoblox team has tracked Vextrio’s malicious activities since 2022, publishing several reports over the years.
Among these, in June 2025, the researchers revealed a criminal network between WordPress computer pirates and a traffic distribution system (TDS) operated by the Vextrio group.
In 2024, they also presented the Malicious Malecious Affiliates program of Vextrio that functioned as a food delivery service for criminals.
“In total, Vextrio’s Enterprise includes almost one hundred companies and brands. The scope of its activities includes malicious applications and large -scale spam operations, and as we published a few months ago, they have a special relationship with numerous computer pirates,” says researchers.
How to stay safe
This story is a marked reminder that it is not enough for an application to be in an official application store to be safe. It must be even more careful when it comes to a safety tool, since cybercriminals are known for taking advantage of unprotected devices.
For example, in April, an investigation found at least 20 free VPN applications with the unleashed Chinese property that stalks in the Official Apple App Store in the United States. At least five of these were linked to a Shanghai -based company that is believed to have ties with the Chinese army.
While the best VPN services increase their anonymity and online safety by encrypting their Internet traffic and falsifying their IP address, malicious applications represent risks to their privacy.
As a general rule, you just have to download a reliable service with a strong VPN policy without registration and an independent third -party audits history.
If you are not yet willing to pay for a premium service, I recommend you verify VPN and private VPN, since they are currently the best free VPNs in the market, according to Techradar reviewers.
That said, our tests confirmed NordvPN as the best All-Orunder at this time, thanks to the great security/privacy characteristics and impeccable performance. Even better, perhaps, can still arrive on time to obtain the exclusive Techradar agreement, which expires on August 12, 2025.
