Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Mobdro lure campaign delivering Klopatra to illegal streaming users

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

The Mobdro lure campaign is pushing Klopatra to users of illegal streaming services, widening the risk of covert banking theft across Europe. By disguising the Trojan as a familiar pirate-streaming app, the operators are using brand recognition to drive sideloading outside official stores. The result is an active delivery operation tied to Italy and Spain, where infected devices have already been reported in the thousands.

Related Happenings

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...

Open Happening

BTMOB phishing campaign targeting Android users in Brazil and beyond

Campaign
First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: The **BTMOB phishing distribution campaign** is pushing **malicious APKs** through **fake app stores**, expanding Android compromise risk across **Brazil and beyond**. Operators l...

Open Happening

BTMOB Android RAT no-code builder malware activity

Malware Activity
First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: The **BTMOB** Android RAT is spreading through **phishing campaigns** across **Brazil and beyond**, raising the risk of **custom payload delivery** and **remote device takeover**....

Open Happening

TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria

Campaign
First: 11.05.2026 18:15 Last: 11.05.2026 18:15 Sources 1

About this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....

Open Happening

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

Open Happening

Timeline

  1. 30.09.2025 23:28 2 articles · 7mo ago

    Klopatra banking Trojan disclosed as a Mobdro-disguised Android campaign

    Initial Disclosure

    Cleafy describes Klopatra as a new Android banking Trojan/RAT that is disguised as the Mobdro pirate-streaming app, abuses Accessibility Services after sideloading, and uses Virbox plus anti-sandboxing and native-library techniques to hinder analysis. The reported campaign is tied to Turkish-language cyberattackers, targets users of illegal streaming services, and has infected more than 3,000 devices in Italy and Spain since initial builds were first observed in March and the malware matured in the summer.

    Show sources
    Open in new tab