A VPN is often touted as a basic piece of any mobile device security plan. But when the chosen VPN turns out to be not just ineffective but actively working against your security, the user is left both vulnerable and betrayed.
Researchers at Trend Micro have singled out HolaVPN, a free "community VPN," for using customer computers and devices as exit points for spam, phishing messages, and worse. The "worse" is especially important at businesses where employees have downloaded the HolaVPN software. In those cases, HolaVPN could provide a gateway into the enterprise network for malicious software of many varieties.
Community VPNs are those in which the users' computers and devices provide exit points for other users in exchange for low- or no-cost services.
Malicious file access was only part of the problem. The software for HolaVPN failed to provide encryption for users depending on the service to protect their data from theft.
Even without malware or data theft, HolaVPN users were subject to a variety of annoying and possibly misleading messages. In their research, the Trend Micro team found that 85% of the HolaVPN traffic they analyzed was concerned with mobile ads and other mobile-related domains and software.
Read more details here.