NEWYou can now listen to Fox News articles!
Malware targeting Android devices has grown increasingly sophisticated. From fake banking apps to phishing campaigns, attackers are finding new ways to trick you into giving up sensitive data.
One of the newest threats comes in the form of malicious apps that appear legitimate but can take full control of your device. Security researchers are now warning Android users to delete a fake VPN and streaming app that can allow criminals to take over your phone and drain your bank account.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
How Klopatra infects devices
The malicious VPN and streaming app is called Mobdro Pro IP TV + VPN, and it was recently discovered by researchers at Cleafy. Once you install the app, it drops a malware strain called Klopatra. It’s a new and highly sophisticated Android malware currently being used in active campaigns targeting financial institutions and their customers.
THIS CHROME VPN EXTENSION SECRETLY SPIES ON YOU
Fake VPN apps can hide dangerous malware that steals your data and money. (iStock)
At first glance, the app looks like a free streaming platform offering high-quality channels, which makes it appealing to Android users. Once installed, though, it deploys a banking Trojan and a remote-access tool that give attackers full control over the infected device. With that level of access, criminals can steal your banking credentials and even carry out fraudulent transactions without your knowledge.
The infection chain is carefully planned. It starts with social engineering, tricking you into downloading and installing the app from outside the official Play Store. From there, Klopatra bypasses Android’s built-in protections and reaches deep into the system to gain persistence and control.
HACKERS PUSH FAKE APPS WITH MALWARE IN GOOGLE SEARCHES
The Klopatra Trojan gives hackers full control of infected Android devices. (Kurt “CyberGuy” Knutsson)
Fake VPNs are a growing problem
VPNs are widely promoted as privacy tools that hide your IP address and encrypt internet traffic. Millions rely on them to bypass geographic restrictions, protect sensitive communications or simply browse more securely. Yet not all VPNs are trustworthy. Various studies have proved that popular commercial VPNs have alarming shortcomings. Some use protocols that are not designed to protect privacy, obscure ownership or fail to encrypt traffic properly.
When fake apps like Mobdro are combined with these weaknesses, users are left exposed. Criminals exploit both the popularity of VPNs and the prevalence of pirated streaming services to distribute malware effectively. This growing ecosystem of risky apps underscores how important it is to research, verify and only download software from reputable sources.
SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS
Stay safe by downloading apps only from trusted sources and keeping your phone updated. (Kurt “Cyberguy” Knutsson)
9 steps you can take to protect yourself
If you suspect that you’ve downloaded a fake app from the internet, there’s no need to panic. The steps below will help you stay protected and keep your data safe.
1) Stick to trusted sources
Only download VPNs, streaming services and apps from Google Play, Apple App Store or the official developer’s website. Avoid links in forums, social media messages or emails promising free content.
2) Check app permissions
Carefully review what access an app requests. If it asks for control over your device, settings or accessibility services unnecessarily, do not install it. Legitimate VPNs rarely require full device control.
3) Use a secure VPN
When choosing a VPN, opt for one with strong privacy policies, transparent ownership and robust encryption. A secure VPN ensures your connection remains private without giving attackers a foothold.
For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com
4) Install strong antivirus software
A strong antivirus on your device can detect malware and suspicious behavior before damage occurs. These services can scan new downloads and provide ongoing protection.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
5) Monitor your accounts
Banking Trojans target sensitive credentials. Identity monitoring services can alert you if your personal information appears online or is being misused, helping you respond before harm is done. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com
6) Remove the malicious app immediately
If you discover a suspicious app on your Android device, remove it right away.
Settings may vary depending on your Android phone’s manufacturer.Â
- Open Settings
- Click Apps and locate the fake app.
- Tap Uninstall to remove it from your device.
- If the uninstall option is unavailable, restart your phone in Safe Mode and try again.
- After removal, run a full antivirus scan to delete any remaining malware components.
7) Keep devices updated
Regular system updates patch security vulnerabilities that malware like Klopatra exploits. Combined with antivirus protection, this significantly reduces the chance of infection.
8) Change passwords and enable 2FA
Once your device is secure, update your login credentials.
- Change passwords for banking, email, and Google accounts immediately. Consider using a password manager to generate and store complex passwords. Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords
- Turn on two-factor authentication (2FA) for extra protection.
- Use an authenticator app instead of text messages for better security.
This step helps protect your accounts if hackers steal your credentials.Â
9) Report the malicious app
Finally, take steps to protect others and report the threat.
- Report the fake app to Google Play Protect or your antivirus provider.
- If your bank details were exposed, contact your bank’s fraud department immediately.
- Reporting helps cybersecurity teams track and block similar fake VPNs in the future.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaway
Fake VPNs and streaming apps exploit your trust and the gaps in app verification processes, showing that even tech-savvy individuals can fall victim. While official stores offer a layer of protection, you must remain vigilant, check permissions and rely on reputable security tools. Never download anything from the random links you see on the internet.
Do you think Google is doing enough to prevent malware from entering the Android OS? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
