The post Delete the fake VPN app stealing Android users' money appeared first on My Blog.
]]>One of the newest threats comes in the form of malicious apps that appear legitimate but can take full control of your device. Security researchers are now warning Android users to delete a fake VPN and streaming app that can allow criminals to take over your phone and drain your bank account.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join myCYBERGUY.COMnewsletter.
The malicious VPN and streaming app is called Mobdro Pro IP TV + VPN, and it was recently discovered by researchers at Cleafy. Once you install the app, it drops a malware strain called Klopatra. It’s a new and highly sophisticated Android malware currently being used in active campaigns targeting financial institutions and their customers.
THIS CHROME VPN EXTENSION SECRETLY SPIES ON YOU
Fake VPN apps can hide dangerous malware that steals your data and money. (iStock)
At first glance, the app looks like a free streaming platform offering high-quality channels, which makes it appealing to Android users. Once installed, though, it deploys a banking Trojan and a remote-access tool that give attackers full control over the infected device. With that level of access, criminals can steal your banking credentials and even carry out fraudulent transactions without your knowledge.
The infection chain is carefully planned. It starts with social engineering, tricking you into downloading and installing the app from outside the official Play Store. From there, Klopatra bypasses Android’s built-in protections and reaches deep into the system to gain persistence and control.
HACKERS PUSH FAKE APPS WITH MALWARE IN GOOGLE SEARCHES
The Klopatra Trojan gives hackers full control of infected Android devices. (Kurt "CyberGuy" Knutsson)
VPNs are widely promoted as privacy tools that hide your IP address and encrypt internet traffic. Millions rely on them to bypass geographic restrictions, protect sensitive communications or simply browse more securely. Yet not all VPNs are trustworthy. Various studies have proved that popular commercial VPNs have alarming shortcomings. Some use protocols that are not designed to protect privacy, obscure ownership or fail to encrypt traffic properly.
When fake apps like Mobdro are combined with these weaknesses, users are left exposed. Criminals exploit both the popularity of VPNs and the prevalence of pirated streaming services to distribute malware effectively. This growing ecosystem of risky apps underscores how important it is to research, verify and only download software from reputable sources.
SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS
Stay safe by downloading apps only from trusted sources and keeping your phone updated. (Kurt "Cyberguy" Knutsson)
If you suspect that you’ve downloaded a fake app from the internet, there’s no need to panic. The steps below will help you stay protected and keep your data safe.
Only download VPNs, streaming services and apps from Google Play, Apple App Store or the official developer’s website. Avoid links in forums, social media messages or emails promising free content.
Carefully review what access an app requests. If it asks for control over your device, settings or accessibility services unnecessarily, do not install it. Legitimate VPNs rarely require full device control.
When choosing a VPN, opt for one with strong privacy policies, transparent ownership and robust encryption. A secure VPN ensures your connection remains private without giving attackers a foothold.
For the best VPN software, see my expert review of the best VPNs for browsing the web privately on yourWindows, Mac, Android & iOS devices atCyberguy.com
A strong antivirus on your device can detect malware and suspicious behavior before damage occurs. These services can scan new downloads and provide ongoing protection.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices atCyberguy.com
Banking Trojans target sensitive credentials. Identity monitoring services can alert you if your personal information appears online or is being misused, helping you respond before harm is done. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft atCyberguy.com
If you discover a suspicious app on your Android device, remove it right away.
Settings may vary depending on your Android phone’s manufacturer.
Open SettingsClick Apps and locate the fake app.Tap Uninstall to remove it from your device.If the uninstall option is unavailable, restart your phone in Safe Mode and try again.After removal, run a full antivirus scan to delete any remaining malware components.
Regular system updates patch security vulnerabilities that malware like Klopatra exploits. Combined with antivirus protection, this significantly reduces the chance of infection.
Once your device is secure, update your login credentials.
Change passwords for banking, email, and Google accounts immediately. Consider using a password manager to generate and store complex passwords. Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/PasswordsTurn on two-factor authentication (2FA) for extra protection.Use an authenticator app instead of text messages for better security.
This step helps protect your accounts if hackers steal your credentials.
Finally, take steps to protect others and report the threat.
Report the fake app to Google Play Protect or your antivirus provider.If your bank details were exposed, contact your bank’s fraud department immediately.Reporting helps cybersecurity teams track and block similar fake VPNs in the future.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Fake VPNs and streaming apps exploit your trust and the gaps in app verification processes, showing that even tech-savvy individuals can fall victim. While official stores offer a layer of protection, you must remain vigilant, check permissions and rely on reputable security tools. Never download anything from the random links you see on the internet.
Do you think Google is doing enough to prevent malware from entering the Android OS? Let us know by writing to us atCyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join myCYBERGUY.COMnewsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
The post Delete the fake VPN app stealing Android users' money appeared first on My Blog.
]]>The post Payroll scam hits US universities as phishing wave tricks staff appeared first on My Blog.
]]>Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join myCYBERGUY.COM. newsletter.
SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS
According to Microsoft Threat Intelligence, Storm-2657 primarily targets Workday, a widely used human resources platform, though other payroll and HR software could be at risk as well. The attackers begin with highly convincing phishing emails, carefully crafted to appeal to individual staff members. Some messages warn of a sudden campus illness outbreak, creating a sense of urgency, while others claim that a faculty member is under investigation, prompting recipients to check documents immediately. In some cases, emails impersonate the university president or HR department, sharing “important” updates about compensation and benefits.
Phishing scams are evolving fast, and now universities have become prime targets for payroll theft. (Kurt "CyberGuy" Knutsson)
These emails contain links designed to capture login credentials and multi-factor authentication (MFA) codes in real time using adversary-in-the-middle techniques. Once a staff member enters their information, the attackers can access the account as if they were the legitimate user. After gaining control, the hackers set up inbox rules to delete Workday notifications, so the victims do not see alerts about changes. This stealthy approach allows the attackers to modify payroll profiles, adjust salary payment settings and redirect funds to accounts they control, all without raising immediate suspicion.
COLUMBIA UNIVERSITY DATA BREACH HITS 870,000 PEOPLE
The hackers don’t stop at a single account. Once they control one mailbox, they use it to spread the attack further. Microsoft reports that from just 11 compromised accounts at three universities, Storm-2657 sent phishing emails to nearly 6,000 email addresses at 25 institutions. By using trusted internal accounts, their emails appear more legitimate, increasing the likelihood that recipients will fall for the scam.
To maintain access over time, the attackers sometimes enroll their own phone numbers as MFA devices, either through Workday profiles or through Duo MFA. This gives them persistent access, allowing them to approve further malicious actions without needing to phish again. Combined with inbox rules that hide notifications, this strategy lets them operate undetected for longer periods.
Microsoft emphasizes that these attacks don’t exploit a flaw in Workday itself. Instead, they rely on social engineering, the absence of strong phishing-resistant MFA and careful manipulation of internal systems. In essence, the threat comes from human behavior and insufficient protection, not software bugs.
Hackers lure staff with convincing emails that mimic campus alerts or HR updates and steal login details in real time. (Microsoft)
Protecting yourself from payroll and phishing scams isn’t complicated. By taking a few careful steps, you can make it much harder for attackers to gain access to your accounts or personal information.
The more information scammers can find about you, the easier it is to craft convincing phishing messages. Services that remove or monitor personal data online can reduce exposure, making it harder for attackers to trick you with targeted emails.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visitingCyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
Scammers often send emails that look like they come from your HR department or university leadership, warning about payroll, benefits or urgent issues. Don’t click links or download attachments unless you are 100% sure they are legitimate. Even small mistakes can give attackers access to your accounts.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices atCyberguy.com.
Researchers have discovered that since March 2025, a hacking group known as Storm-2657 has been running “pirate payroll” attacks, using phishing tactics to gain access to payroll accounts. (Javi Sanz/Getty Images)
If an email mentions salary changes or requires action, call or email the HR office or the person directly, using contact information you already know. Phishing emails are designed to create panic and rush decisions, so taking a moment to verify can stop attackers in their tracks.
Never reuse passwords across multiple accounts. Scammers often try to use credentials stolen from other breaches. A password manager can help you generate strong passwords and store them securely, so you don’t have to remember dozens of different combinations.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords, and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 atCyberguy.com.
Add an extra layer of security by enabling2FA on all accounts that support it. This means even if someone steals your password, they still can’t log in without a second verification step, such as a code sent to your phone.
Even if you follow all precautions, it’s smart to monitor your accounts for any unusual activity. Catching unauthorized transactions quickly can prevent bigger losses and alert you to potential scams before they escalate.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Hackers will reroute payments after gaining access to users’ login information. (Kurt "CyberGuy" Knutsson)
The Storm-2657 attacks show that cybercriminals are targeting trust, not software. Universities are appealing because payroll systems handle money directly, and staff can be manipulated through well-crafted phishing. The scale and sophistication of these attacks highlight how vulnerable even well-established institutions can be to financially motivated threat actors.
How often do you check your payroll or bank accounts for unusual activity? Let us know by writing to us atCyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join myCYBERGUY.COM. newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
The post Payroll scam hits US universities as phishing wave tricks staff appeared first on My Blog.
]]>