Novel Klopatra Android trojan runs amok in Europe

October 2, 2025

(Adobe Stock Images)

Over 3,000 Android devices across Europe have already been compromised by the new sophisticated Klopatra banking and remote access trojan that features real-time screen monitoring and clandestine Virtual Network Computing capabilities, reports BleepingComputer.

Third-party app stores have been used to distribute Klopatra in the form of the "Modpro IP TV + VPN" dropper app, the installation of which facilitates exploitation of Android's Accessibility services to obtain more permissions while enabling user input capturing, gesture simulation, and screen monitoring, according to findings from Cleafy. Malicious activities, including swipes and long presses for bank transactions, have also been conducted by Klopatra even in devices with locked screens using its black-screen VNC mode.

Advanced tools, including the Virbox code protector, NP Manager string encryption, and native libraries, have also been tapped by the malware to ensure stealth. Klopatra was suspected to be operated by a Turkish threat actor after origin IP addresses were revealed by a misconfiguration.

SC Staff

Ransomware

Attackers drop DragonForce ransomware leveraging MS Teams relay systems

Steve ZurierJune 17, 2026

DragonForce ransomware abused Microsoft Teams relay infrastructure to hide C2 traffic.

Malware

SprySOCKS backdoor expands to Windows with new variants

SC StaffJune 16, 2026

The Windows variants, WIN_DRV and WIN_PLUS, retain the core architecture of their Linux predecessor, including command-and-control (C2) protocols and encryption methods.

Malware

Malware distributed via Steam Workshop wallpapers

SC StaffJune 16, 2026

Kaspersky researchers have identified that malicious actors are exploiting the Steam Workshop platform, specifically through the Wallpaper Engine application, to distribute malware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

Adware