Home » That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn

That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn

That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn

This post was originally published on this site.

  • Researchers found “VPN Go” extensions for Chrome and Firefox secretly harvesting copied text
  • The clipboard theft was not there at launch and arrived through a later update
  • Anything copied while the extension was active should now be treated as exposed

Security researchers at Socket found two browser extensions distributed under the “VPN Go: Free VPN” branding, one listed on the Chrome Web Store and one on Firefox Add-ons, to secretly harvest copied text.

Both present themselves as free VPN tools with working proxy features. Underneath, Socket says, both also run a clipboard stealer that continuously watches copied text and sends it to infrastructure controlled by the attacker.

According to Socket, the clipboard theft was not present when the extensions first appeared. It was added later, through an ordinary-looking update, after the extensions had already built up a base of trusting users. That staged approach is exactly what makes this kind of threat so hard to spot, and why even a fairly cautious user can end up exposed.

For anyone weighing up a no-cost privacy tool, it is worth knowing that not every free option behaves like this, and the best VPN services are tested precisely so you do not have to take this kind of gamble. But this case shows how thin the line can be between a useful free extension and a data-harvesting one.

What Socket’s research uncovered

VPN Go in Chrome Web Store

(Image credit: Chrome)

Socket says the earliest analyzed builds behaved like ordinary proxy extensions, with no confirmed clipboard theft.

On Chrome, that changed with version 1.1, when the extension added a script that reads the clipboard and ships those chunks off to a hardcoded address. The Firefox version followed the same path slightly later, moving the same theft loop into its background script.

Once active, the monitoring is relentless. The Chrome content script checks the clipboard roughly every half a second, according to Socket’s analysis, while the Firefox build polls every 1.5 seconds.

Each newly copied value is tagged with a session identifier so it can be reassembled on the other end, then sent out over plain HTTP. All of this was happening while the two apps’ privacy policies stated that the tools did not collect, store, or share user data and did not keep activity logs.

TechRadar has reached out to VPN Go for comment, but both email addresses bounced, and both extensions have since been pulled from their stores.

Why clipboard stealers are dangerous for users

The reason clipboard theft is so effective is that it abuses something completely routine. People copy and paste sensitive information all day, and it’s not careless to do so. Password managers rely on exactly that: copying long, unique passwords into your accounts.

An extension that can silently read the clipboard has access to all of this information; it just has to wait for you to copy the right thing. If you have used either of the two extensions in question, you should treat any information you’ve copied during that time as exposed.

Researchers have repeatedly found free VPN extensions doing things their users never agreed to. Recent reporting has covered a free Chrome VPN extension caught taking screenshots of every page its users visited, and a malicious free VPN extension that resurfaced after being removed, returning in a more evasive form.

The pattern is consistent enough that it is worth treating any unknown free VPN extension with caution by default. That caution matters: TechRadar’s own polling found that nearly 1 in 4 readers use free VPNs despite knowing the risks.

How to stay safe

If you want the protection a VPN offers without rolling the dice, stick to providers with a track record and independent testing behind them.

A reputable paid service, or one of the carefully vetted best free VPN options, is a far safer bet than an unknown extension promising unlimited access for nothing. As the saying goes, when the product is free, there is a decent chance that you are the product.