Beware The Klopatra VPN Scam

A new Android banking trojan named Klopatra is on the prowl, and it is using the promise of free VPN services to hijack personal devices and drain bank accounts. Cybersecurity firm Cleafy has exposed the operation, revealing that the malware disguises itself as a free VPN app called Mobdro Pro IP + VPN. This discovery reinforces a warning from Kaspersky security researchers earlier this year about a significant surge in malicious apps masquerading as free VPNs. This threat is particularly timely as more people turn to VPNs to bypass new internet restrictions and age-verification laws.

The malicious app borrows the name Mobdro from a popular, and previously shut down, IPTV service, but the two are not related. The fake app uses this familiar name as a lure. Once a user downloads it, the app walks them through what seems like a standard installation process. In reality, these steps are a trap, tricking the user into granting the malware full control over their device.

After gaining access, the Klopatra trojan abuses Android’s accessibility services. This powerful feature, designed to help users with disabilities, allows the malware to act on your behalf. It can open your banking apps, mimic your screen taps, and initiate transactions to transfer your money out of your accounts. The infected device is also enrolled into a botnet, making it a tool for further cyberattacks.

Cleafy’s investigation suggests the Klopatra operation has already compromised approximately 3,000 devices, with a concentration of victims in Italy and Spain. The report indicates the group behind the malware is likely based in Turkey and is actively evolving its methods. The choice of a combined free VPN and streaming app as a disguise is a clever one, preying on user frustration with both fractured streaming services and increasing government internet controls.

Kaspersky has identified several other free VPNs that have been used as malware delivery systems in the recent past, including MaskVPN, PaladinVPN, ShineVPN, ShieldVPN, DewVPN, and ProxyGate. With Klopatra proving successful, security experts anticipate a wave of copycats. Because app stores can be slow to remove these dangerous applications, users must be extremely cautious. It is critical to thoroughly research any free VPN before installing it. When in doubt, opt for a reputable free VPN service from a trusted provider, such as Proton VPN or hide.me, to ensure your security and privacy are protected.
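
The accessibility abuse described above leaves a trace a defender can check: the app has to appear in the device's list of enabled accessibility services. The following Python code is an added example, not part of the original article or of Cleafy's report; it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and reports every enabled service outside an allowlist, together with its install source. The allowlist, the sample output and the package name `com.example.freevpn` are constructed for illustration.

```python
# Added example: audit which apps hold an enabled accessibility service.
# Inputs are the raw output of two standard Android commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

# Assumption: packages the device owner knowingly uses for accessibility.
ALLOWLIST = {"com.google.android.marvin.talkback"}

def parse_enabled_services(setting):
    """Split the colon-separated 'package/class' list into (package, class)."""
    services = []
    for entry in setting.strip().split(":"):
        if "/" not in entry:          # covers "", "null" and malformed entries
            continue
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):       # short form: class relative to package
            cls = pkg + cls
        services.append((pkg, cls))
    return services

def parse_installers(pm_output):
    """Map package -> installer from 'package:NAME  installer=SOURCE' lines."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
    installers = {}
    for line in pm_output.splitlines():
        m = pattern.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def audit(setting, pm_output, allowlist=ALLOWLIST):
    """Return enabled accessibility services whose package is not allowlisted."""
    installers = parse_installers(pm_output)
    return [
        {"package": pkg, "service": cls, "installer": installers.get(pkg, "unknown")}
        for pkg, cls in parse_enabled_services(setting)
        if pkg not in allowlist
    ]

# Constructed sample output; com.example.freevpn is a made-up package name.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.freevpn/.AssistService\n")
SAMPLE_PM = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
             "package:com.example.freevpn  installer=null\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(finding)
```

An `installer` value of `null` means the package was not installed through a store client, which is worth a closer look when the same package also holds an accessibility service.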
