Security Report: Urban VPN Proxy Extension Causing Active Malware and System Damage

245 views
Skip to first unread message

Ashutosh Sharma

unread,
Feb 14, 2026, 4:50:32 PMFeb 14
to Chromium Extensions

Hello Chrome Extensions Security Team,

I am reporting a Chrome extension that appears to be malicious and is actively flagged by Windows Security, with severe impact on my device.

Extension name: Urban VPN Proxy
Extension ID: veppiocehmnblhjplcgkofciegomcon
Affected component: service_worker/index.js
Chrome version: Latest stable (Windows)

Windows Defender detects this extension as Trojan/ChatGPTStealer!MSR (Severe) and reports that it executes remote commands and runs persistently through Chrome service workers. The threat remains active until the extension and its related policies are forcibly removed.

After installation and use of this extension, my system experienced serious issues, including abnormal CPU usage, device overheating, performance degradation, and data integrity concerns. These effects required immediate remediation and posed a risk to both system stability and hardware safety.

This extension was installed from the Chrome Web Store and repeatedly reinstalls itself through background mechanisms, which strongly suggests policy abuse or service worker persistence.

Please investigate this extension for credential theft, remote command execution, persistence behavior, and potential system harm, and take appropriate action if confirmed.

I am happy to provide logs, screenshots, or additional technical details if required.

Regards,
Ashutosh Sharma

Screenshot 2026-02-08 183858.png
Screenshot 2026-02-08 182435.png

Toan Le Van

unread,
Feb 15, 2026, 5:23:18 AMFeb 15
to Chromium Extensions, Ashutosh Sharma

You may want to use the official form to report an extension https://support.google.com/chrome_webstore/contact/one_stop_support

Also, the extension ID you provided appears to have its characters changed or rearranged at the beginning, in the middle, and at the end compared to the original Urban VPN ID. This makes the report look suspicious.

E

unread,
Mar 4, 2026, 2:25:33 AM (3 days ago) Mar 4
to Chromium Extensions, Toan Le Van, Ashutosh Sharma
Urban VPN is spyware:

https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection

I saw this post on Reddit today:

https://www.reddit.com/r/chrome/comments/1ria1or/urban_vpn_extension_secretly_collected_and_sold/

Apparently Google removed the extension but quietly added it back and is now it as the first result for 'VPN' and Google is recommending it as the #1 'Privacy & Security' extension.

It is completely crazy that Google is literally promoting spyware to millions of users. It just seems so unethical.
Reply all
Reply to author
Forward
0 new messages