Hi!
Our engineers have conducted a thorough analysis of this threat, reconstructed it experimentally, and tested it on Proton VPN.
We concluded that:
the attack can only be carried out if the local network itself is compromised
our Windows and Android apps are fully protected against it
for iOS and macOS apps, you are completely protected from this as long as you’re using a Kill Switch and a WireGuard-based protocol (our apps use WireGuard by default, and if a user wants to use something other than WireGuard derivates, they’d have to manually set it up). Note that Stealth, WireGuard TCP, and our Smart protocol on iOS/macOS are all WireGuard-based.
for our Linux app, we’re working on a fix that would provide full protection against it.
Thanks for the reply! Here’s their 2024-5-8 reply for reference: