In the digital age, personal information security on the Internet has become one of the top concerns of users. Millions of people use extensions on the Chrome browser to enhance their web browsing experience, including ad blockers, password managers, and free VPN services. However, behind these seemingly "harmless" utilities, there are sometimes hidden dangers. Recently, a security report from cybersecurity company Koi Security has raised serious alarm bells about a VPN utility called FreeVPN.One , with more than 100,000 downloads. Instead of protecting data, this utility systematically monitors and steals user information.

In the context of increasing cyber fraud and personal data leaks, the story of FreeVPN.One is a clear demonstration that Internet users can become victims at any time if they lack knowledge about cybersecurity. This article will analyze in detail the findings of Koi Security, how this malicious utility works, as well as the dangers it brings. More importantly, we will learn how to protect yourself and choose a safe VPN solution to avoid the risk of "evaporating" bank accounts and other sensitive information.

1. What is FreeVPN.One?

According to a report from Koi Security, FreeVPN.One is a free VPN extension released on the Chrome Web Store, advertising its ability to “secure data,” “anonymize web browsing,” and “block online threats” like many other reputable VPN services. It is worth noting that this extension is certified by Google and publicly displayed on the app store, causing many people to trust and download it without any doubts.

FreeVPN.One has over 100,000 downloads and many positive reviews, even ranking high in the free VPN for Chrome category. With such a legitimate appearance, few people can recognize the danger lurking behind. However, security experts at Koi Security have discovered alarming behavior: FreeVPN.One silently takes screenshots of all the websites that users visit , including those containing sensitive information such as bank accounts, emails, social networks, and cloud storage.

Specifically, just seconds after a user opens a website, this extension will automatically take a screenshot of the entire page content and send it to an external third-party server. This unauthorized collection takes place silently without any notification or request for consent from the user. Even a feature called “AI Threat Detection” in the extension is advertised as a protection tool but in fact is a mechanism to legitimize the act of taking screenshots and sending data to the server.

2. Worrying data collection behavior from July 2025

Koi Security said that through monitoring and analysis, they discovered that since July 2025, FreeVPN.One began integrating spyware to collect user data. In addition to taking screenshots, the utility also collects web browsing history, geolocation, and even user login cookies. This poses a serious risk that all private information can be sold to third parties or used for financial fraud.

It is worth noting that the developer of FreeVPN.One claims that the screenshots are only taken on “suspicious” websites for security analysis purposes. However, Koi Security has proven otherwise: even legitimate pages such as Google Photos, email accounts, and online banking are captured. This means that personal photos, account numbers, passwords, and any data displayed on the screen can be collected and stored in a place that the user has absolutely no control over.

Even more worrying, since the discovery, the developer of FreeVPN.One has stopped responding to all requests for comment from Koi Security and media outlets. This silence further raises the suspicion that the extension was created with spying in mind from the start, rather than simply being a weak security service.

3. Risk of losing bank accounts and personal information

One of the most serious consequences of using a malicious extension like FreeVPN.One is the risk of losing control of your financial accounts. Taking screenshots and collecting data can make it easy for hackers to get hold of your username, password, OTP code, or even credit card information.

In many previously documented cyberattacks, hackers often combine the collected data with fraudulent techniques such as phishing or social engineering to gain access to assets. For example, when obtaining screenshots of online banking accounts, bad guys can attempt to infiltrate by recovering passwords or using leaked data to gain unauthorized access. In addition, personal images and data such as private photos, confidential documents, and business contracts can also be exploited for blackmail or sold on the black market.

The threat extends beyond just individuals to businesses. If a company employee accidentally uses FreeVPN.One on their work device, it could expose internal data, leading to unpredictable economic and reputational consequences.

4. FreeVPN.One is just the tip of the iceberg

The case of FreeVPN.One is just one example of the worrying reality of free VPN services. According to numerous cybersecurity studies, the majority of free VPNs on the market have a business model based on exploiting user data rather than protecting it. Since they don’t charge for their services, their main source of revenue comes from selling the information to advertisers or, worse, to cybercriminals.

A recent report from an international cybersecurity group also found many malicious applications, including free VPNs, distributed on popular app stores such as the Chrome Web Store, the App Store, and Google Play. This shows that even reputable platforms have difficulty completely controlling spyware disguised as useful utilities. This problem is even more acute when users tend to look for “free” solutions while ignoring security factors.

5. What should users do to protect themselves?

Given the potential risks posed by FreeVPN.One and similar malicious extensions, Internet users need to take timely action to protect their data and assets.

First, please immediately remove FreeVPN.One if you are using this extension on your Chrome browser. Continuing to use it may result in your personal data being collected and sent without your knowledge.

Next, scan your computer with reputable antivirus and security software. This will help detect and remove any spyware or malware that may have been installed on your system while using the utility. Also, immediately change your passwords for all important accounts such as email, banking, social networks, and use two-factor authentication (2FA) for added security.

Also, be extra careful when choosing a VPN service. If possible, use paid services from reputable providers that have been audited for security and have transparent privacy policies. If you must use a free VPN, read reviews from independent sources, check the privacy policy, and follow security warnings from reputable organizations.

Ultimately, improving your cybersecurity knowledge is a long-term way to protect yourself. Stay informed about new threats, learn how to spot online scams, and be careful about granting permissions to any extensions or apps.

6. Conclusion

The FreeVPN.One incident is a stark reminder of the potential dangers of using free extensions and services on the Internet. A seemingly harmless extension with hundreds of thousands of downloads, certified by Google, can become a spying tool, directly threatening the financial security and personal information of users.

In the digital age, security is not only the responsibility of technology companies but also the awareness of each individual. Don't let subjectivity and the "free" mentality make you pay a high price. Be proactive in protecting yourself by choosing safe services, regularly checking your devices and improving your knowledge of cyber security. A little vigilance today can help you avoid unpredictable damage in the future.