New “Klopatra” trojan drains bank accounts while victims sleep

A newly discovered Android Trojan known as Klopatra is raising alarms in the cybersecurity community after researchers revealed it can steal money from victims’ bank accounts without triggering any alerts, often while users are asleep.

 

First observed earlier this year, Klopatra has already infected more than 3,000 devices across Italy and Spain. The malware hides inside pirated apps such as Mobdro, a popular illegal streaming service, luring users frustrated with multiple paid subscriptions. Once installed, Klopatra quietly circumvents security checks, suppresses warnings, and initiates unauthorized fund transfers in the background.

 

Unlike earlier generations of banking malware, Klopatra operates with unusual stealth, making it harder for both victims and banks to detect fraudulent activity. Its ability to bypass anti-fraud defenses and operate undisturbed marks a significant escalation in the sophistication of mobile banking threats.

 

Security experts warn that the Trojan’s success highlights the dangers of downloading apps from unofficial sources and the need for stronger authentication measures. Financial institutions, meanwhile, face renewed pressure to adapt their monitoring systems as cybercriminals develop more resilient tactics.

 

Klopatra’s emergence is a reminder that mobile banking, while convenient, remains a prime target for attackers and that vigilance, both from users and banks, is essential to stay ahead of increasingly sophisticated threats.