Klopatra Android Trojan Conducts Nighttime Bank Transfers

1 unique source, 1 article

Summary

A new Android Trojan named Klopatra has been identified, capable of performing unauthorized bank transfers while the device is inactive. The malware targets users in Italy and Spain, with over 3,000 devices infected. Klopatra disguises itself as the Mobdro streaming app, leveraging its popularity to bypass security measures. It employs advanced techniques to evade detection and analysis, including anti-sandboxing methods and a commercial packer. The Trojan operates during nighttime hours, draining victims' bank accounts without alerting them. Klopatra uses Accessibility Services to gain extensive control over the device, allowing attackers to simulate user interactions remotely. It captures screenshots, records screen activity, and overlays fake login screens to steal credentials. The malware checks for device inactivity and charging status before executing its operations, ensuring the victim remains unaware until the next day.

Timeline

  1. 30.09.2025 23:28 · 1 article

    Klopatra Trojan Conducts Nighttime Bank Transfers

Information Snippets