Google Security Alert As Backdoor VPN Threat Confirmed

Update, Jan. 8, 2025: This story, originally published Jan. 6, now includes details of other VPN-related vulnerabilities and further information regarding the threat searching for VPN apps on Google now brings to users.

Google’s managed defense team, working to empower the Google security operations community, has published a technical deep-dive into a confirmed malware threat that acts as a backdoor supporting commands involving supports commands keylogging, screen capture, audio capture, remote shell and file transfer as well as file execution. The malware, known as playfulghost, has been observed distributed through SEO poisoning methodologies which “bundle” it with popular VPN and other applications. Here’s what you need to know.