Subj : This dangerous new Android malware disguises itself as a VPN or I
To : All
From : TechnologyDaily
Date : Thu Oct 02 2025 16:30:09

This dangerous new Android malware disguises itself as a VPN or IPTV app - so be on your guard

Date: Thu, 02 Oct 2025 15:27:00 +0000

Description: In just a few months, Klopatra has been upgraded dozens of times, and can wreak havoc on Android devices.

FULL STORY
======================================================================

- Klopatra malware steals banking and crypto data, even when screen is off
- Distributed via fake IPTV+VPN app, requests Accessibility permissions for full device control
- Uses Virbox, anti-debugging, and encryption to evade detection and analysis

Cybersecurity researchers at Cleafy have discovered a new, powerful Android trojan capable of stealing money from bank apps, stealing crypto from hot wallets, and even using the device while the screen is off.

Klopatra, an Android malware apparently built by a Turkish threat actor, does not resemble anything that's already out there, meaning the tool was likely built from scratch. It was first spotted in March 2025, and since then has experienced 40 iterations, meaning the group is actively working on and developing the malware.

Klopatra is being distributed through standalone, malicious pages, rather than Google's Play Store. It uses a dropper called Modpro IP TV + VPN, which pretends to be an IPTV and VPN app. Once the dropper is installed, it deploys Klopatra which, as usual for malicious apps, requests Accessibility Services permissions.

Thousands of victims

These permissions allow hackers to simulate taps, read screen content, steal credentials, and control apps silently - among other things.

Besides stealing people's money and data, and fiddling around with the phone, Klopatra also has a list of hardcoded Android antivirus names, which it cross-references with the apps on the device and attempts to disable.

The malware also goes the extra mile to avoid being detected and analyzed. It uses Virbox, a legitimate software protection and licensing platform that defends apps against piracy, reverse engineering, and unauthorized use. In this case, Virbox was used to prevent cybersecurity researchers from reverse-engineering and analyzing the malware.

Furthermore, it uses native libraries to bring its Java and Kotlin use to a minimum, and recently started using NP Manager string encryption. The researchers said the malware comes with multiple anti-debugging mechanisms, runtime integrity checks, and the ability to detect when it's running in an emulator, thus preventing researchers from dissecting it.

So far, at least 3,000 devices across Europe are infected, Cleafy said.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-dangerous-new-android-malware-disguises-itself-as-a-vpn-or-iptv-app-so-be-on-your-guard

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
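
The article describes two traits a defender can check together on a device: installation from outside the Play Store and an enabled Accessibility Service. The following triage sketch is an added example, not code from the article or from Cleafy; it parses captured output of the standard `settings` and `pm` commands, and the sample package names and the trusted-installer set are assumptions made for illustration.

```python
# Added triage example. Inputs are captured text from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i      (and optionally: pm list packages -s)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_services(raw):
    """Map package -> service classes from the colon-separated component list."""
    services = {}
    raw = raw.strip()
    if raw in ("", "null"):          # nothing enabled
        return services
    for component in raw.split(":"):
        pkg, _, cls = component.strip().partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_packages(raw):
    """Map package -> installer (None if absent) from `pm list packages` lines."""
    packages = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):] or None
        packages[fields[0]] = installer
    return packages

def flag_sideloaded(services_raw, packages_raw, system_raw="", trusted=TRUSTED_INSTALLERS):
    """Return (package, installer, services) for non-system apps that hold an
    enabled accessibility service and were not installed by a trusted store."""
    installers = parse_packages(packages_raw)
    system = set(parse_packages(system_raw))   # preinstalled apps report no installer
    return [(pkg, installers.get(pkg), classes)
            for pkg, classes in sorted(parse_services(services_raw).items())
            if pkg not in system and installers.get(pkg) not in trusted]

# Constructed sample output; package names are placeholders, not real indicators.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.streamplayer/com.example.streamplayer.HelperService")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.streamplayer  installer=com.google.android.packageinstaller
package:com.example.notes  installer=null
"""
```

A hit is only a prompt for manual review: legitimate sideloaded accessibility tools exist, and the trusted-installer set should reflect whatever stores the fleet actually permits.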