Klopatra two-campaign Android banking operation
Campaign
Summary
The Klopatra operation now stands out as a two-campaign mobile banking-theft effort tied to 3,000 unique infections across Europe. That scale matters because the malware combines credential theft with hands-on control of the device through a hidden VNC mode, increasing the risk of fraudulent account access and device abuse. The activity has been ongoing since March 2025 and continues to evolve quickly.
Related Happenings
Mirax social media ad campaign targeting Spanish-speaking users
Campaign
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
The **Mirax** distribution campaign is using **social media advertisements** and **fake IPTV or streaming apps** to reach **Spanish-speaking users** at scale, raising the risk of...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Massiv fake IPTV SMS-phishing campaign
Campaign
First: 19.02.2026 12:24
Last: 19.02.2026 12:24
Sources 1
About this happening:
The **Massiv** distribution campaign is using **SMS phishing** and **fake IPTV apps** to deliver Android malware, creating a direct path to **mobile banking theft** and **device t...
Massiv Android trojan device-takeover and credential-theft activity
Malware Activity
First: 19.02.2026 12:24
Last: 19.02.2026 12:24
Sources 1
About this happening:
The **Massiv** Android trojan has been disclosed as a **device-takeover** threat that can steal banking credentials and enable fraudulent transactions. It uses **screen streaming*...
Massiv Android banking malware disguised as IPTV app
Malware Activity
First: 19.02.2026 12:00
Last: 19.02.2026 12:00
Sources 1
About this happening:
The **Massiv** Android banking malware is posing as an **IPTV app** to steal digital identities and access **online banking accounts**. It uses **screen overlays**, **keylogging**...
Timeline
01.10.2025 21:33 2 articles · 7mo ago
Cleafy discloses Klopatra Android banking trojan
Initial Disclosure
Cleafy identifies Klopatra as a new Android banking and remote access trojan disguised as Modpro IP TV + VPN and says it has infected more than 3,000 unique devices across Europe. The malware abuses Android’s Accessibility service, uses a hidden VNC mode to capture inputs and drain accounts, and researchers assess that it is operated by a Turkish-speaking cybercrime group; the campaign has been evolving since March 2025 and now spans 40 distinct builds.
Sources:
- Android malware uses VNC to give attackers hands-on access — www.bleepingcomputer.com — 01.10.2025 21:33
- Android malware uses VNC to give attackers hands-on access — www.bleepingcomputer.com — 01.10.2025 21:33