A new report from cybersecurity firm Cleafy is warning users about a dangerous malware called Klopatra, which infects devices by disguising itself as a free VPN application.
The malware is reportedly spreading through an app named “Mobdro Pro IP + VPN,” which uses the name of a formerly popular streaming service to appear legitimate. According to researchers, once a user downloads the app, a fake installation wizard tricks them into granting extensive permissions.
This access allows the Klopatra malware to take control of the device, open banking apps, and transfer funds without the owner’s knowledge. Infected devices are also added to a network of compromised machines, known as a botnet, which can be used for further attacks.
Cleafy’s report estimates that around 3,000 devices have already been infected, primarily in Italy and Spain. The firm believes the group behind Klopatra is likely based in Turkey and is continuously refining its methods.
This latest threat follows a series of warnings from security firm Kaspersky in 2024 about the rise of malicious apps pretending to be free VPNs. The trend is particularly concerning as more people turn to VPNs to bypass regional content restrictions and new age-verification laws.
Experts urge the public to be extremely cautious when downloading free software. App stores are not always quick to remove malicious applications, so it’s important to research any free VPN before installing it. For those seeking a secure option, reputable services are recommended.
