Google Fights VPN Malware with Play Store Verification Badge

Google is batting back against malware and backdoor infections by adding VPN app verification to the Google Play Store, including a badge that marks trusted downloads. Google has indicated that simply selecting reputable brand-name VPNs (virtual private networks) is no longer an effective way of avoiding trouble, as nefarious actors have found ways to infect legitimate VPN apps with malware. Last month, the Google Managed Defense team warned that malware known as Playfulghost had reportedly infected some popular VPNs, using them to inject malware and remotely control infected devices.

The move comes as downloads of VPNs are increasing across the U.S. as a way “to evade age verification laws and temporary blocks enforced on TikTok,” TechRadar reports.

In an earlier article, TechRadar Pro delves into the methodology, explaining that “the malware is bundled with popular applications, like LetsVPN, and distributed through SEO poisoning.”

“This involves manipulating search engine results to make the bundled software appear at the top of searches, making it seem like a legitimate download.”

NordVPN, Hide.me, Aloha Browser and the Opera Browser for Android with built-in VPN are among the first to earn Google’s new security badge.

“Earning the VPN badge isn’t just about checking a box,” Google says in an Android Developers blog post. “It’s proof that your VPN app invests in app safety” and signifies that it adheres to the Play safety and security guidelines and successfully completed a Mobile Application Security Assessment (MASA) Level 2 validation.

“Previously, you had to dig into the app’s security details to find out whether it was reputable — but this can now be done in one quick glance thanks to the new ‘verified’ badge,” reports Tom’s Guide.

In addition to the MASA test, “VPNs must also have at least 10,000 installs and 250 reviews, and have been published on the Google Play Store for at least 90 days,” Tom’s explains, adding that the VPNs must also “submit a Data Safety declaration, detailing how user data is collected, and opt-in to independent security reviews.”

Forbes writes that Google claims to have blocked more than 23 million apps with its latest Android and Google Play security ecosystem updates, sharing insight into the company’s “multi-layered approach to dealing with bad apps.”

“Google’s new Verified badge adds to Google’s ongoing commitment to better transparency and security in its App Store,” TechRadar says, reporting that the Alphabet company rolled out privacy labels in 2022 and introduced independent security review banners the following year.
