Ask Runable forDesign-Driven General AI AgentTry Runable For Free
Runable
Back to Blog
Technology6 min read

That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn | TechRadar

The "VPN Go" extensions shipped clean, then pushed an update that monitors and steals copied text Discover insights about that free vpn chrome and firefox exten

TechnologyInnovationBest PracticesGuideTutorial
That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn | TechRadar
Listen to Article
0:00
0:00
0:00

That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn

The "VPN Go" extensions shipped clean, then pushed an update that monitors and steals copied text

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Malware kan ställa till med oreda (Image credit: Shutterstock)

Researchers found "VPN Go" extensions for Chrome and Firefox secretly harvesting copied text

The clipboard theft was not there at launch and arrived through a later update

Anything copied while the extension was active should now be treated as exposed

Security researchers at Socket found two browser extensions distributed under the "VPN Go: Free VPN" branding, one listed on the Chrome Web Store and one on Firefox Add-ons, to secretly harvest copied text.

Both present themselves as free VPN tools with working proxy features. Underneath, Socket says, both also run a clipboard stealer that continuously watches copied text and sends it to infrastructure controlled by the attacker.

According to Socket, the clipboard theft was not present when the extensions first appeared. It was added later, through an ordinary-looking update, after the extensions had already built up a base of trusting users. That staged approach is exactly what makes this kind of threat so hard to spot, and why even a fairly cautious user can end up exposed.

For anyone weighing up a no-cost privacy tool, it is worth knowing that not every free option behaves like this, and the best VPN services are tested precisely so you do not have to take this kind of gamble. But this case shows how thin the line can be between a useful free extension and a data-harvesting one.

Socket says the earliest analyzed builds behaved like ordinary proxy extensions, with no confirmed clipboard theft.

Google Chrome users beware — experts warn over 100 Web Store extensions found stealing user data from thousands of accounts

Fake X-VPN installers found to spread credential-stealing malware — here's how to stay safe

Hackers are hijacking legitimate news websites and reviews to drum up publicity

On Chrome, that changed with version 1.1, when the extension added a script that reads the clipboard and ships those chunks off to a hardcoded address. The Firefox version followed the same path slightly later, moving the same theft loop into its background script.

Once active, the monitoring is relentless. The Chrome content script checks the clipboard roughly every half a second, according to Socket's analysis, while the Firefox build polls every 1.5 seconds.

Each newly copied value is tagged with a session identifier so it can be reassembled on the other end, then sent out over plain HTTP. All of this was happening while the two apps' privacy policies stated that the tools did not collect, store, or share user data and did not keep activity logs.

Tech Radar has reached out to VPN Go for comment, but both email addresses bounced, and both extensions have since been pulled from their stores.

The reason clipboard theft is so effective is that it abuses something completely routine. People copy and paste sensitive information all day, and it's not careless to do so. Password managers rely on exactly that: copying long, unique passwords into your accounts.

Hundreds of thousands at risk as Nord VPN uncovers sophisticated adware campaign hidden in 50,000 pirate sites

Best Chrome VPN extensions: secure your browser without opening your VPN with these expert choices

Missing your Proton VPN Firefox add-on? You'll have to use the desktop app for now

An extension that can silently read the clipboard has access to all of this information; it just has to wait for you to copy the right thing. If you have used either of the two extensions in question, you should treat any information you've copied during that time as exposed.

Researchers have repeatedly found free VPN extensions doing things their users never agreed to. Recent reporting has covered a free Chrome VPN extension caught taking screenshots of every page its users visited, and a malicious free VPN extension that resurfaced after being removed, returning in a more evasive form.

The pattern is consistent enough that it is worth treating any unknown free VPN extension with caution by default. That caution matters: Tech Radar's own polling found that nearly 1 in 4 readers use free VPNs despite knowing the risks.

If you want the protection a VPN offers without rolling the dice, stick to providers with a track record and independent testing behind them.

A reputable paid service, or one of the carefully vetted best free VPN options, is a far safer bet than an unknown extension promising unlimited access for nothing. As the saying goes, when the product is free, there is a decent chance that you are the product.

Follow Tech Radar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Monica is a tech journalist with over a decade of experience. She writes about the latest developments in computing, which means anything from computer chips made out of paper to cutting-edge desktop processors.

GPUs are her main area of interest, and nothing thrills her quite like that time every couple of years when new graphics cards hit the market.

She built her first PC nearly 20 years ago, and dozens of builds later, she’s always planning out her next build (or helping her friends with theirs). During her career, Monica has written for many tech-centric outlets, including Digital Trends, Slash Gear, We PC, and Tom’s Hardware.

You must confirm your public display name before commenting

1A24's Backrooms has an extended cut with over 15 minutes of unseen footage — here's when you can watch it in theaters

2 How to watch England vs DR Congo: Free Streams & TV Channels

3 This new bipartisan act wants to force US AI companies to pay for the energy they use

4I've been hunting for the best earbuds for travel — here are the 6 pairs our audio team recommends

5AMD Radeon GPU prices might be going up amid the RAM crisis

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.

Key Takeaways

  • News, deals, reviews, guides and more on the newest computing gadgets
  • Start exploring exclusive deals, expert advice and more
  • Unlock and manage exclusive Techradar member rewards
  • Unlock instant access to exclusive member features
  • Get full access to premium articles, exclusive features and a growing list of member rewards

Cut Costs with Runable

Cost savings are based on average monthly price per user for each app.

Which apps do you use?

Apps to replace

ChatGPTChatGPT
$20 / month
LovableLovable
$25 / month
Gamma AIGamma AI
$25 / month
HiggsFieldHiggsField
$49 / month
Leonardo AILeonardo AI
$12 / month
TOTAL$131 / month

Runable price = $9 / month

Saves $122 / month

Runable can save upto $1464 per year compared to the non-enterprise price of your apps.