Novel Klopatra Android Trojan runs amok in Europe

Over 3,000 Android devices across Europe have already been compromised by the new sophisticated Klopatra banking and remote access trojan, reports BleepingComputer.

Klopatra features real-time screen monitoring and clandestine Virtual Network Computing (VNC) capabilities.

Klopatra has been distributed through third-party app stores in the form of the "Modpro IP TV + VPN" dropper app, according to researchers. Installing the malicious app allows it to abuse Android's Accessibility services to obtain more permissions while enabling user input capture, gesture simulation, and screen monitoring, according to findings from Cleafy.

Using its black-screen VNC mode, Klopatra has also carried out malicious activities, including swipes and long presses for bank transactions, even on devices with locked screens.

To ensure stealth, the malware also makes use of advanced tools, including the Virbox code protector, NP Manager string encryption, and native libraries. Klopatra is suspected of being operated by a Turkish threat actor after a misconfiguration revealed origin IP addresses.

Sharon Florentine Editorial Director

Sharon Florentine is the editorial director for CyberRisk Alliance’s Channel Brands and acting editorial director for SC UK. She is responsible for setting strategy and editorial direction and developing content for news, features, analysis and other written content, moderates live webcasts, and oversees research projects. Sharon has previously held key editorial, content and leadership positions at DevOps.com, Security Boulevard, CIO.com, Ziff Davis Enterprise, and CRN, among others.
