



If you're to your device, you might want to triple-check where it's from. Security experts have issued an urgent warning about a popular VPN app that was used as a Trojan Horse to sneak a nasty strain of malware onto Android phones worldwide.
Researchers from Cleafy, a security firm that specialises in preventing online fraud, discovered the malware, known as Klopatra. Once installed, the malware is designed to steal your money.
This isn't just a dodgy app – it's a "highly sophisticated" criminal operation.
Klopatra can raid your banking apps, empty cryptocurrency wallets, and even control your phone when the screen is switched off. According to Cleafy, have already fallen victim to this scam, and the numbers are growing.
Image caption: Modpro IP TV + VPN is a free app that claims to offer complimentary access to a Virtual Private Network (VPN) and IPTV streaming, but was actually just a means to deliver the custom-built Klopatra malware to Android devices. (Credit: Cleafy.com press office)
This isn't a new phenomenon. . That's because if a VPN provider isn't charging you to access its functionality, it's likely monetising you and your data to cover its costs. Better to subscribe to one of the and know your data is safe.
For those who inadvertently downloaded this new malware strain when trying to unlock a free VPN, the fallout is extremely serious. Experts say Klopatra doesn't resemble anything that’s already out there, meaning this tool was likely built from scratch for this exact purpose.
The cybercriminals behind Klopatra aren't just targeting people who want to download VPNs on Android, they've also disguised the nasty malware strain as fraudulent IPTV apps, too.
That means people simply looking to stream blockbuster films, terrestrial channels, and television boxsets could also find themselves fighting off this malware that allows criminals to "gain complete control over infected devices, steal sensitive credentials, and execute fraudulent transactions". Yikes.
It's a clever trick, really. Both VPNs and IPTV apps are incredibly popular, and people often search for them online. The hackers know this, so they've created fake versions of both types of apps to cast a wider net.
If you've recently downloaded what you thought was a VPN or IPTV app from somewhere other than the official Google Play Store, you could be at risk.
The malware spreads through a fake app called . Once you've installed it, the app asks for something called Accessibility Services permissions - and that's when the trouble really starts.
If you grant these permissions, you're basically handing over the keys to your phone. The hackers can tap buttons for you, read everything on your screen, steal your passwords, and control your apps without you knowing.
It's like having an invisible person looking over your shoulder who can also reach out and use your phone whenever they fancy. They can log into your accounts, transfer money, and you won't even realise it's happening.
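The two conditions described above, an app installed from outside Google Play that also holds an enabled Accessibility Service, can be checked from a computer with `adb`. The script below is an added example, not taken from Cleafy's research or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3`, and the package names in the sample data are constructed for illustration.

```python
import re
import subprocess
import sys

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def adb(*args):
    """Run an adb shell command on the attached device and return stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def parse_a11y_services(raw):
    """'pkg/cls:pkg2/cls2' -> {pkg: [component, ...]}; 'null' or '' means none."""
    services = {}
    for comp in raw.strip().split(":"):
        if "/" in comp:
            services.setdefault(comp.split("/", 1)[0], []).append(comp)
    return services

def parse_installers(raw):
    """Lines of 'package:<name>  installer=<source>' -> {name: source}."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", raw, re.MULTILINE))

def sideloaded_with_a11y(a11y_raw, installers_raw):
    """Third-party packages with an enabled accessibility service
    whose recorded installer is not Google Play."""
    services = parse_a11y_services(a11y_raw)
    installers = parse_installers(installers_raw)
    return sorted((pkg, installers[pkg], services[pkg]) for pkg in services
                  if pkg in installers and installers[pkg] != PLAY_STORE)

# Constructed sample output; every package name here is made up.
SAMPLE_A11Y = ("com.example.reader/.ReadAloudService:"
               "com.example.freevpn.iptv/com.example.freevpn.iptv.HelperService")
SAMPLE_INSTALLERS = """\
package:com.example.reader  installer=com.android.vending
package:com.example.freevpn.iptv  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    if "--live" in sys.argv:  # query a USB-connected device instead of the sample
        a11y = adb("settings", "get", "secure", "enabled_accessibility_services")
        inst = adb("pm", "list", "packages", "-i", "-3")
    else:
        a11y, inst = SAMPLE_A11Y, SAMPLE_INSTALLERS
    for pkg, source, svcs in sideloaded_with_a11y(a11y, inst):
        print(f"{pkg} (installer={source}) has accessibility enabled: {svcs}")
```

A hit is not proof of infection, since legitimate sideloaded tools can also use Accessibility Services, but any entry you do not recognise is worth removing.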
What makes Klopatra particularly dangerous is how it hides from the security experts desperately trying to stop it. The malware relies on something called Virbox — normally used to protect legitimate software — to prevent researchers from taking it apart and understanding how it works.
It's got all sorts of clever tricks up its sleeve. The malware can tell when it's being studied in a lab environment and will shut itself down. It also has built-in defences against debugging tools that experts use to analyse threats. Perhaps most unsettling is its "black-screen VNC mode", which lets criminals use your phone while making it look like the screen is off and locked.
The malware only surfaced for the first time back in March, but since then, it has undergone 40 iterations, indicating that the group is actively working on and developing the malware. Security researchers believe it's the work of a Turkish cybercriminal, who built the entire thing from scratch.
Image caption: Klopatra leverages something known as Virbox to block security researchers from studying the dangerous new strain of malware. (Credit: Cleafy.com press office)
Discussing the devastating new malware, Head of Security at Proton VPN, Patricia Egger told GB News: "The discovery of Klopatra highlights that mobile malware keeps evolving and just how dangerous fake apps can be.
"An unethical VPN is one of the most effective data harvesting tools imaginable, with visibility into almost everything a person does online. So, it’s not surprising that attackers are exploiting the trust users place in VPNs to do extensive damage. The best defence is vigilance.
"Ensure you download a VPN from a trusted source and always verify the permissions that apps are requesting. When choosing a VPN, look closely at their ownership and security practices, which can include bug bounty programs, being open-source, or publishing independent security audits."
The good news is that Klopatra only spreads through dodgy websites, not the official Google Play Store. If you stick to downloading apps from Google's official shop, you should be safe. But if you've side-loaded any VPN or IPTV apps recently, especially one called , delete it immediately.
Your bank account might depend on it.