Security researchers are warning Android users to delete a fake VPN and streaming app that can let criminals take over their phones and drain their bank accounts.
The app, Mobdro Pro IP TV + VPN, was discovered by researchers at Cleafy to be a malicious sideloaded app, not a legitimate VPN. Their analysis found it installs Klopatra, a new Android banking Trojan and remote-access tool with no links to known malware families.
Klopatra targets banking customers and gives attackers full remote control of infected devices, allowing them to steal credentials and carry out fraudulent transactions.
The researchers found that:
“Klopatra’s effectiveness lies in a carefully orchestrated infection chain, which begins with social engineering and culminates in the complete takeover of the victim’s device. Each stage is designed to overcome the defenses of the user and the Android operating system.”
The lure works by pretending to be an IPTV app that offers free, high-quality TV channels. Because pirated streaming apps are so common, users often expect to install them from unofficial websites (sideloading), unintentionally bypassing the protections of the Google Play Store.
Klopatra is an extreme example of a fake virtual private network (VPN) used to spread malware, but it’s not the only reason to be cautious. Even genuine VPNs on Google Play can have hidden risks, from vague ownership to weak privacy protections.
Even genuine VPNs can be risky
VPNs are often promoted as essential tools for privacy, circumventing geo-blocks, or bypassing age verification controls. For hundreds of millions of users, VPN connections are the solution to hide the user’s IP address and location, and to encrypt web traffic so it’s useless when intercepted.
But picking a VPN you can trust is not always easy. Even if you get one from the official Play Store.
A recent study, the VPN Transparency Report 2025 by the Open Technology Fund, revealed alarming shortcomings among some of the world’s most-downloaded VPN apps. The researchers examined the ownership, operation, and development of 32 commercial VPNs, collectively used by more than a billion people.
Among the apps flagged as “concerning” are very popular solutions like Turbo VPN, VPN Proxy Master, XY VPN, and 3X VPN – Smooth Browsing, each of which has been downloaded at least 100 million times from the Google Play Store.
Some of these solutions even provide a false sense of privacy by using technologies that weren’t designed for privacy at all, the study claims. They found that several:
“providers use the Shadowsocks tunneling protocol [which is not designed for confidentiality] to build the VPN tunnel, and claim their users’ connections are secure.”
The report emphasizes how important it is to gather information before installing a VPN: it’s worth learning who runs it, how it’s built, and what it does with your data. This is key for users to make informed decisions.
Practical tips on how to protect yourself
- Stick to trusted sources. Download apps—especially VPNs and streaming services—only from Google Play, Apple’s App Store, or the official provider. Never install something just because a link in a forum or message promises a shortcut.
- Check an app’s permissions. If an app asks for control over your device, your settings, Accessibility Services, or wants to install other apps, stop and ask yourself why. Does it really need those permissions to do what you expect it to do?
- Use layered, up-to-date protection. Install real-time anti-malware protection on your Android that scans for new downloads and suspicious activity. Keep both your security software and your device system updated—patches fix vulnerabilities that attackers can exploit.
- Stay informed. Follow trustworthy cybersecurity news and share important warnings with friends and family.
If you think you’ve been affected:
Delete any suspicious VPN or IPTV apps, run a trusted security scan, and reset your banking credentials if you suspect your device has ever been compromised. For your peace of mind and your wallet’s safety, choose your VPN wisely.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.