Overview

• Cleafy estimates roughly 3,000 Android devices were infected via the Modpro IP TV + VPN app.
• Once installed, Klopatra requests Accessibility Services permission to read on‑screen data, capture inputs and simulate taps.
• Reports describe victims discovering emptied bank accounts after attackers accessed email and banking without their knowledge, prompting calls to delete the app immediately and consider resetting devices.
• Metro reports the malware was first seen in March, has undergone about 40 iterations, and is being distributed via malicious webpages, with reported ties to Turkey.
• Separate research recently flagged 16 Android VPN apps as highly problematic, with eight providers’ apps totaling over 700 million downloads, highlighting broader privacy and security risks.