Free VPN death call after 911 Proxy Malware

Hacker with laptop illustration

A recent investigation into an online service called 911 has revealed that it has been selling access to hundreds of thousands of personal computers running Microsoft Windows which cybercriminals are using to conduct their crimes.

The 911 service tricks its way onto people’s devices through dodgy software updates and malware bundled together with other services. A popular method it uses to get onto people’s devices is via free VPNs.

What is 911?

911 is what is known as a ‘residential proxy service’. It works by allowing users to rent a domestic IP address to use as a relay for their Internet communications. In other words, you can use a domestic computer like a VPN server and enjoy the benefit of anonymity and the appearance of being a residential user browsing online.

As a lot of websites that monitor traffic block IP Addresses which have multiple users, known as shared IP Addresses, these services are a great way to get onto those sites without revealing your own IP Address.

There are legitimate uses for services like this, but they can also be misused by cybercriminals.

911 sold their service as being a ‘free VPN’ or ‘free proxy’ service. But they didn’t tell users who downloaded their app that they were also agreeing to let others use their internet connection and their IP Address too.

How was 911 harmful?

Canadian researchers have examined 911 and found there were around 120,000 PCs that other users could connect to on the service. The vast majority of these were based in the USA.

Their assessment of the service was damning:

“The 911 network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer… During the research we identified two free VPN services that [use] a subterfuge to lure users to install software that looks legitimate but makes them part of the network.”

If that wasn’t bad enough, they also found that many of the IP addresses on offer through 911 were from US universities, Colleges, critical infrastructure sites, defence establishments, and even government and law enforcement networks. In other words, there were significant security risks.

The Krebs on Security blog has looked at 911 in even more detail and found links to Communist China. For the first year of its existence, the 911 website existed solely in Simplified Mandarin – a language only used in Communist China.

It also uncovered clear evidence from the site’s online history that it knew exactly what it was doing and that the people behind 911 openly marketed the service to cybercriminals.

There was also evidence of the software being disguised as security updates for popular video software such as Media Player and Flash Player.

911 became hugely popular with cybercriminals and was widely praised on cybercrime blogs. Its user numbers grew dramatically in August 2021 after competitor service VIP72 shut down and again in January 2022 after LuxSocks, another rival, disappeared.

The message to free VPN users

As Riley Kilmer, co-founder of, a security company that monitors anonymity services, told Krebs, “[Services like 911] have two basic methods to get new IPs. Free VPN apps, and… trojanised torrents. They’ll re-upload Photoshop… so that it’s backdoored with the 911 proxy.”

In other words, when you download a free VPN, it can have software like 911 bundled together with it. Once on your system, it is nearly impossible to get off and it means that your internet connection and your IP Address could be being used by a cybercriminal from anywhere in the world.

This could result in you facing a criminal investigation for activities carried out through your internet connection despite you having no knowledge and no involvement whatsoever.

The message from the 911 story is clear. This is yet another reason why free VPN services are simply not worth the risk.

VPNs cost money to operate. If the service is being offered for free, there must be a catch. Sadly, that catch often means compromising your own online security and privacy, sometimes in ways that you cannot even imagine.

A legitimate VPN service will set you back no more than a few dollars a month. It is a small price to pay to ensure that your devices, your internet connection, and your IP Address is safe from the types of cybercriminals that use services like 911.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.