New Bank Trojan Infecting Thousands of Android Devices, Capable of Draining Accounts Automatically, Warns Cleafy

A newly discovered Android banking trojan is giving hackers the ability to hijack mobile devices and drain accounts while victims sleep.

In a new report, Italian cybersecurity firm Cleafy says the malware, named Klopatra, has already infected more than 3,000 devices across Europe in active campaigns targeting banks in Spain and Italy.

Cybersecurity researchers say the threat surfaced in late August 2025 and represents a “significant evolution in mobile malware sophistication.” Klopatra combines full device takeover with next-level code obfuscation designed to block detection and traditional analysis methods.

According to Cleafy, Klopatra infects devices by posing as a legitimate app called Mobdro Pro IP TV + VPN. The app promises access to high-quality television channels, which researchers say is a design choice, as users are willing to install pirated streaming apps from unofficial sources to bypass the Google Play Store.

Once installed and permission is granted, Klopatra abuses Android’s Accessibility Services to read screen content, capture keystrokes and simulate taps to approve fraudulent bank transfers.

“It can simulate taps and gestures, allowing it to navigate apps, click buttons (‘Allow,’ ‘Transfer’), enter text, and ultimately, perform fraudulent transactions autonomously.

The abuse of Accessibility Services is the cornerstone of modern banking malware fraud. The technical mechanism turns a malware infection into a direct financial loss, allowing Klopatra to operate with the same level of authority as the legitimate user, but completely invisibly.”

Cleafy warns that the attackers often strike at night when victims’ phones are charging and unattended, using stolen unlock patterns or PINs to quietly execute instant bank transfers.

“Klopatra represents a significant and sophisticated threat to the financial sector and mobile device users, particularly in Europe. The analysis conducted by the Cleafy team revealed malware that is not only technically advanced but is also managed by a cohesive and disciplined Turkish-speaking criminal group, controlling operations from A to Z.”

Generated Image: Midjourney