
Klopatra Android banking trojan activity

Malware Activity
H score 28
2 unique sources, 2 articles

Summary


The Klopatra Android banking trojan has infected more than 3,000 devices across Europe. The latest reporting describes a disguised Modpro IP TV + VPN dropper and a campaign aimed at stealing banking credentials and taking remote control of infected devices. The malware abuses Android’s Accessibility service, uses a hidden VNC mode and overlay attacks to capture inputs and carry out transactions, and is associated with a Turkish-speaking cybercrime group.

Related Happenings

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...

BTMOB Android RAT no-code builder malware activity

Malware Activity
First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: The **BTMOB** Android RAT is spreading through **phishing campaigns** across **Brazil and beyond**, raising the risk of **custom payload delivery** and **remote device takeover**....

Android 17 expands platform security and privacy protections

Security Tool/Service
First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

BirdCall Android spyware variant

Malware Activity
First: 05.05.2026 12:04 Last: 05.05.2026 12:04 Sources 1

About this happening: The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...

Timeline

  1. 01.10.2025 12:25 3 articles · 7mo ago

    Klopatra Android banking trojan activity

    Initial Disclosure

    In **late August 2025**, researchers identified a previously undocumented Android banking trojan that was already showing signs of active deployment. Early analysis tied the malware to remote-control and credential-theft behavior on infected devices.
