Kaspersky one of the leading computer security companies have issued a fresh warning over the use of ‘free’ VPN services due to an increased risk of cryptocurrency mining exploits.
Kaspersky Lab the research department behind Kaspersky found that many ‘free’ VPN services are not doing what they are intended to do but instead utilising the power of a user’s mobile device to mine for cryptocurrency.
Cryptocurrencies like Bitcoin, Ethereum and Monero have become huge in recent years and with values skyrocketing at the start of the year criminals have turned their attention to the digital currencies.
Cryptocurrency mining boom
Cryptocurrencies can be bought and sold in normal fashion and due to their popularity, their values have increased dramatically. Although the big currencies have suffered a fall in value recently they’re still highly prized commodities with money to be made.
Alongside buying and selling Cryptocurrency can also be ‘mined’ by solving complex mathematical problems which result in being rewarded with small amounts of the currency. It is this mining that Kaspersky warns ‘free’ VPN apps are exploiting.
Mining for cryptocurrency requires extensive computer power but by harnessing the power of hundreds of thousands of mobile devices those behind the trojan horse VPN apps can generate enough power to make money.
Censorship fuelling the VPN mining issue
Online censorship around the world continues to grow with well-reported countries like China and Iran at the forefront. More recently Sri Lanka, Brazil, Turkey and a whole host of other nations have had their internet or certain aspects of it censored.
In the recent Sri Lankan internet crackdown, Facebook was blocked from access which resulted in one of the largest ever recorded VPN downloading spates in history. An event which led the Sri Lankan government themselves to warn against the use of free VPN services.
Due to the comparatively low wages of many of those countries in comparison to the price of reputable VPN services and the human nature to want services for free, these events have led to mass downloading of free VPN services to bypass censorship.
Kaspersky notes that users in the Ukraine and Brazil were particularly at risk and free VPN apps are not alone in having cryptocurrency mining tools hidden inside. One football video app was reportedly downloaded more than 100,000 times.
Another instance which this time was a free VPN app was downloaded more than 50,000 times mostly by users in Russia and the Ukraine. Two countries which have recently suffered internet censorship and where VPN apps are a necessity due to Russia’s ever expanding online censorship and VPN crackdown.
As well as impacting on the security of a user’s device, cryptocurrency mining can make mobile devices slow and seriously reduce the lifespan of the battery. With many mobile devices unable to change batteries these apps are killing devices quicker than their natural lifespan.
Free VPNs again show their weakness
While all VPN services can come under fire for security breaches, lack of clarity on privacy policies and a host of other issues, free VPN services are disproportionality in the news again for not only the lack of security and protection they offer but also for the more worrying tactics providers use to generate revenue.
Running a VPN service costs money and it could be somewhat understandable for legitimate free VPN providers to use methods frowned upon such as advert injection to generate revenue to run the service. If you’re not paying for it then it needs to be paid for somehow.
Most worrying is the new report from Kaspersky that shows unsavoury characters are utilising the need for such security solutions to enhance their own monetary gains via cryptocurrency mining.
These hidden cryptocurrency miners are being inserted secretly without user knowledge which should call into question the actual reliability of the supposed VPN service itself and if this is actually functioning as it should to protect the user’s privacy.