CyberSum logo
Back

Klopatra Android RAT Steals Banking Credentials via VNC

Cyber Security News by CyberSum.net
3 sources
A highly sophisticated Android banking trojan and Remote Access Trojan (RAT) named Klopatra has compromised thousands of devices. The malware stands out by using a commercial-grade code protection suite called Virbox, making it exceptionally difficult to detect and analyze. Klopatra tricks users into installing it via dropper apps disguised as pirated streaming services, then abuses Accessibility Services to gain full device control. Its most dangerous feature is a Hidden VNC mode, which blacks out the victim's screen while attackers secretly perform fraudulent banking transactions. This campaign highlights a trend of mobile malware adopting professional-grade tools to maximize stealth and profitability.

Also Read

VMware vCenter & NSX Flaws Allow Email & User Enumeration

Broadcom has addressed multiple vulnerabilities in VMware vCenter and NSX with new security updates. The flaws include an SMTP header injection in vCenter (CVE-2025-41250) that could allow a privileged user to manipulate notification emails. Additionally, two vulnerabilities in NSX (CVE-2025-41251 and CVE-2025-41252) permit an unauthenticated attacker to enumerate valid usernames. These NSX flaws exploit a weak password recovery mechanism and login response timing to confirm existing accounts. Administrators are urged to apply the patches immediately, as these issues could facilitate targeted brute-force or phishing attacks.

By Cyber Security News by CyberSum.net