Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Klopatra Android banking Trojan account-draining activity

Malware Activity
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

The Klopatra Android banking Trojan is actively stealing credentials and draining bank accounts, creating covert fraud risk for more than 3,000 infected devices in Italy and Spain. It hides behind a Mobdro-branded lure and uses Accessibility Services to gain device control. The malware acts as a remote access Trojan (RAT) with overlays, screenshots, and screen-recording capabilities that help it capture banking credentials. It then performs nighttime transfers while victims are asleep, reducing the chance of detection.

Related Happenings

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
H score25 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

Open Happening

BTMOB Android RAT no-code builder malware activity

Malware Activity
H score28 First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: **BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...

Latest development: 29.05.2026 00:10

BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.

Open Happening

Android 17 expands platform security and privacy protections

Security Tool/Service
H score10 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

Open Happening

NGate malware trojanized HandyPay NFC-stealing variant

Malware Activity
H score41 First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...

Open Happening

Mirax Android banking trojan with residential proxy nodes

Malware Activity
H score10 First: 13.04.2026 17:30 Last: 13.04.2026 17:30 Sources 1

About this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...

Open Happening

Timeline

  1. 30.09.2025 23:28 2 articles · 8mo ago

    Klopatra Android banking Trojan account-draining activity

    Initial Disclosure

    Initial builds of **Klopatra** were first observed in **March**, with the malware becoming more active during the **summer**. Early spread relied on a **Mobdro**-branded sideloading lure that helped the Trojan reach Android users outside the Play store.

    Show sources
    Open in new tab