A fake Android VPN app has been caught stealing users’ money by giving hackers full control of their phones.
Researchers discovered the malicious app, Modpro IP TV + VPN (also known as Mobdro Pro IP TV + VPN), spreading through unofficial websites. Once installed, it drops a banking trojan called Klopatra, which has infected over 3,000 devices in Spain and Italy.
Klopatra exploits Android’s Accessibility Services to read screens, capture logins, and move money while users sleep. Apparently, it uses “Hidden VNC” to hide its actions. It has evolved through more than 40 versions since March 2025 and is linked to a Turkish-speaking criminal group.
Experts warn that free VPN and IPTV apps can hide malware or weak privacy controls. Users who sideload apps, i.e. install them outside the Play Store, risk bypassing Google’s protections.
Businesses should block sideloaded apps, keep Android devices updated, and train staff to recognise risky downloads. Also, strong permission policies and mobile security tools remain key to stopping such attacks.
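
One way to check a managed device for the combination described above, a sideloaded app that also holds an enabled accessibility service, is sketched below. This is an added example, not part of the original report: it parses text shaped like the output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`, and the package names, sample output and Play-Store-only trust list are constructed assumptions.

```python
# Constructed sample data (package names are made up for illustration).
SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bankapp  installer=com.android.vending
package:com.example.iptvvpn  installer=null
package:com.example.screenreader  installer=com.android.vending
package:com.example.filemanager  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = (
    "com.example.screenreader/com.example.screenreader.ReaderService:"
    "com.example.iptvvpn/.core.HelperService"
)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only


def parse_installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip()
        installers[name.strip()] = None if installer in ("", "null") else installer
    return installers


def parse_a11y(settings_output):
    """Return the packages that own an enabled accessibility service."""
    value = settings_output.strip()
    if value in ("", "null"):
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {c.split("/", 1)[0] for c in value.split(":") if c}


def audit(pm_output, a11y_output, trusted=TRUSTED_INSTALLERS):
    """Flag apps not installed by a trusted store; HIGH if they also hold accessibility."""
    a11y = parse_a11y(a11y_output)
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in trusted:
            continue
        findings.append(("HIGH" if pkg in a11y else "REVIEW", pkg, installer))
    return findings


if __name__ == "__main__":
    for severity, pkg, installer in audit(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"{severity:6} {pkg} (installer: {installer or 'none recorded'})")
```

An accessibility service on a Play Store app (the screen reader in the sample) is not flagged; only the overlap of an untrusted install source and accessibility access is raised to HIGH.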