
A new malware strain targeting financial institutions and their customers has been discovered.
Named Klopatra, it was discovered by the Cleafy threat intelligence team, which describes the malware as “previously unknown and had no apparent connections to known malware families.”
Discovered in late August 2025, it operates as a powerful banking trojan and Remote Access Trojan (RAT), allowing its operators to gain complete control over infected devices, steal sensitive credentials, and execute fraudulent transactions.
Analysis shows the malware is prevalent in Spain and Italy, and two powerful botnets have already compromised about 3,000 devices.
Built for stealth and resilience
The malware is built on a solid architecture that makes it harder to detect.
Its developers incorporated Virbox, a commercial-grade code protection tool, and also shifted core functionality from Java to native libraries, making the malware difficult to detect with traditional analysis.
Linguistic clues within the malware code and other intelligence gathered, including operational notes left by the attackers themselves, suggest the threat group may originate from Turkey.
What Cleafy is saying
“Klopatra represents a significant and sophisticated threat to the financial sector and mobile device users, particularly in Europe. The analysis conducted by the Cleafy team revealed malware that is not only technically advanced but is also managed by a cohesive and disciplined Turkish-speaking criminal group, controlling operations from A to Z,” Cleafy researchers said in a blog post.
“For financial institutions and anti-fraud teams, the emergence of Klopatra underscores the need for threat detection solutions that go beyond static analysis and focus on device-level behavioral monitoring.”
“For the threat intelligence community, continuous monitoring of this group and its infrastructure will be essential to anticipate their next moves and protect users from this evolving threat.”