Overview
- Security firm Cleafy says a fake app posing as Mobdro Pro IP TV + VPN installs Klopatra, a new Android banking trojan and remote‑access tool.
- Klopatra guides users to grant Accessibility permissions so attackers can read screens, capture inputs, and perform actions that enable fraudulent transactions.
- The operation piggybacks on the Mobdro brand and distributes the APK via unofficial sites rather than official app stores, targeting users seeking free IPTV and VPN tools.
- Cleafy’s analysis points to a Turkish‑speaking group and notes rapid evolution since March, with dozens of builds observed across active campaigns in countries including Italy and Spain.
- Experts advise deleting suspicious VPN or IPTV apps, avoiding sideloaded APKs, running trusted security scans, updating devices, and resetting banking credentials if compromise is suspected.