When the Federal Court blocked access to file-sharing websites like The Pirate Bay last December, VPN (Virtual Private Network) providers reported a surge in subscription rates.

Key points: Researchers found 38 per cent of VPN apps analysed contained malware or malvertising

Researchers found 38 per cent of VPN apps analysed contained malware or malvertising More than 80 per cent of the apps want access to your sensitive information

More than 80 per cent of the apps want access to your sensitive information The worst offenders could send texts from your phone and force ads to appear in other apps

Australian company Vanished VPN said its subscription rates had doubled in the past six months and VPN Unlimited said it had seen a 12.5 per cent monthly jump since the court's decision.

People were using VPN services to access the blocked sites because they masked their location — allowing users to get around any website blocks or restrictions.

But if you're one of those people, you might want to take a closer look at the service you're using — especially if you've got an Android device.

A team from CSIRO's Data 61, University of NSW and UC Berkley in the US found a whole bunch of Android VPN apps contain viruses, spyware and other adware.

Researchers analysed the apps available for Android to look for nasties like trojans, spyware and adware — giving each an "anti-virus rank (AV)" based on what they found. The lower the rank, the better.

They found of the 283 apps they analysed, 38 per cent contained malware or malvertising (malicious advertising containing viruses).

"The findings are alarming and showing some very, very serious security and privacy issues," Data61 researcher Dali Kaafar said.

Got a confidential news tip? Email ABC Investigations at investigations@abc.net.au For more sensitive information: Text message using the Signal phone app +61 436 369 072 No system is 100 per cent secure, but the Signal app uses end-to-end encryption and can protect your identity. Please read the terms and conditions.

"If they embed some malware that means that particular malware can see all the other traffic that is originating from your device.

"Your [usernames and passwords] can be seen by this particular app and that's a very critical, very sensitive security issue."

Apps had access to data and texts

More than 80 per cent of the apps want access to your sensitive information, such as user data and text messages, according to the researchers.

They found one in five providers was not even encrypting traffic — one of the key jobs of a VPN.

"That's a huge security hole to not be encrypting that traffic," Dr Kaafar said.

"Consider that as your network being completely naked out in the wild so everyone can see it if you're sending on the internet or when you're connecting to a hotspot Wi-Fi."

Here are the 10 worst offenders according to the researchers — remember the lower the AV-rank, the better:

App Name AV-Rank Google Play rating (out of 5) Downloads (approx.) Availability OkVpn 24 4.2 1,000 DELETED EasyVpn 22 4.0 50,000 DELETED SuperVPN 13 3.9 10,000 DELETED Betternet 13 4.3 5 million ACTIVE CrossVpn 11 4.2 100,000 ACTIVE Archie VPN 10 4.3 10,000 ACTIVE HatVPN 10 4.0 5,000 DELETED sFly Network Booster 10 4.3 1,000 DELETED One Click 6 4.3 1 million ACTIVE Fast Secure Payment 5 4.1 5,000 ACTIVE

The researchers found sFly Network Booster incorporated spyware and could access text messages and even send them from users' phones.

OkVpn and EasyVPN could force ads to appear in other applications.

Since August last year, OkVpn, EasyVPN, SuperVPN, HatVPN and sFlyNetwork Booster have all been removed from the store, along with 44 others of the 283.

But Betternet, CrossVPN, Archie VPN, One Click VPN and Fast Secure Payment all remain.

Before their report was released, researchers contacted the individual developers and Google, which removed some of the apps from the store.

So what should you look out for?

Here are some of Dr Kaafar's tips: