Klopatra Android banking Trojan account-draining activity
Malware Activity
Summary
Hide ▲
Show ▼
The Klopatra Android banking Trojan is actively stealing credentials and draining bank accounts, creating covert fraud risk for more than 3,000 infected devices in Italy and Spain. It hides behind a Mobdro-branded lure and uses Accessibility Services to gain device control. The malware acts as a remote access Trojan (RAT) with overlays, screenshots, and screen-recording capabilities that help it capture banking credentials. It then performs nighttime transfers while victims are asleep, reducing the chance of detection.
Related Happenings
BTMOB Android RAT no-code builder malware activity
Malware Activity
First: 26.05.2026 17:00
Last: 26.05.2026 17:00
Sources 1
About this happening:
The **BTMOB** Android RAT is spreading through **phishing campaigns** across **Brazil and beyond**, raising the risk of **custom payload delivery** and **remote device takeover**....
BTMOB Android RAT no-code builder malware activity
Malware ActivityAbout this happening: The **BTMOB** Android RAT is spreading through **phishing campaigns** across **Brazil and beyond**, raising the risk of **custom payload delivery** and **remote device takeover**....
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
NGate malware trojanized HandyPay NFC-stealing variant
Malware Activity
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources 1
About this happening:
A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...
NGate malware trojanized HandyPay NFC-stealing variant
Malware ActivityAbout this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Mirax Android banking trojan with residential proxy nodes
Malware ActivityAbout this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Global mobile banking malware campaign targeting 1243 financial brands
Campaign
First: 19.03.2026 16:30
Last: 19.03.2026 16:30
Sources 1
About this happening:
The **global mobile banking malware campaign** is expanding against **1243 financial brands** across **90 countries**, shifting fraud onto **user devices** and weakening tradition...
Global mobile banking malware campaign targeting 1243 financial brands
CampaignAbout this happening: The **global mobile banking malware campaign** is expanding against **1243 financial brands** across **90 countries**, shifting fraud onto **user devices** and weakening tradition...
Timeline
-
30.09.2025 23:28 2 articles · 7mo ago
Klopatra Android banking Trojan account-draining activity
Initial DisclosureInitial builds of **Klopatra** were first observed in **March**, with the malware becoming more active during the **summer**. Early spread relied on a **Mobdro**-branded sideloading lure that helped the Trojan reach Android users outside the Play store.
Show sources
- 'Klopatra' Trojan Makes Bank Transfers While You Sleep — www.darkreading.com — 30.09.2025 23:28
- 'Klopatra' Trojan Makes Bank Transfers While You Sleep — www.darkreading.com — 30.09.2025 23:28