Do You Use This VPN? Brits Warned To Delete App Now As Bank Accounts Emptied Overnight

A major warning has been issued to households across the United Kingdom as thousands of users report having their bank accounts drained after downloading a popular VPN app. Cyber security experts have confirmed that the Modpro IP TV + VPN has been infected with dangerous malware capable of spying on users and stealing sensitive financial information

The discovery has triggered nationwide concern, with authorities urging people to delete the app immediately to prevent further losses.

Experts Warn Of Dangerous Malware Hidden In VPN App

A Virtual Private Network (VPN) is designed to create a secure and encrypted tunnel that protects users' data while allowing them to browse the internet anonymously. It also enables access to restricted content based on geographical location.

However, as VPNs have become increasingly popular, cybercriminals have begun exploiting this trust by creating fake or corrupted versions to target unsuspecting users.

According to cyber security firm Cleafy, the Modpro IP TV + VPN app has been compromised by the Klopatra malware, a sophisticated form of spyware that gives hackers full access to a user's device. The firm revealed that approximately 3,000 devices have already been infected, with victims unaware that their private data and bank credentials were being collected. Once installed, the malware requests critical permissions that allow it to operate invisibly, including access to Android's Accessibility Services.

How The Attack Works

Cleafy explained that the Android Accessibility Services framework, which is designed to help users with disabilities, has been exploited by the malware to carry out malicious activities. These permissions allow the infected app to read on-screen content, track user inputs, and even perform swipes or taps without consent. In effect, the attackers can simulate the victim's actions on the device, logging into banking apps or emails to steal funds and personal data.

Once this occurs, victims are left with no visible signs of infection until their money begins disappearing from their accounts. By the time the unauthorised transactions are noticed, it is often too late to recover the funds. Security analysts warn that this represents a growing trend in cybercrime, where trusted digital tools such as VPNs are being turned into vehicles for large-scale data theft.

Other Problematic VPNs Identified

The Modpro app is not the only VPN raising red flags among experts. Just days before this warning, a separate study identified 16 VPNs as 'highly problematic', revealing that many are controlled by a small network of companies. Eight of these providers were found to have created apps with privacy and security vulnerabilities, collectively amassing over 700 million downloads through the Google Play Store.

Some of the most concerning apps listed include Turbo VPN, VPN Proxy Master, XY VPN, and 3X VPN – Smooth Browsing. Each of these has been downloaded more than 100 million times on Android devices. The study found that the companies behind them often used the Shadowsocks tunnelling protocol, which is not intended for confidentiality, despite claiming to offer secure internet connections.

Cyber Security Experts Urge Immediate Action

Experts are urging all smartphone users to think carefully before downloading any VPN or third-party application. Those who have already installed Modpro IP TV + VPN are being advised to delete the app immediately and reset their devices to remove any lingering malware. Android users are also being encouraged to review app permissions regularly and install official security updates as soon as they become available.

Cleafy's report warned that the situation highlights how quickly legitimate technology can be weaponised when placed in the wrong hands. By taking control of trusted digital tools, cybercriminals are finding new ways to bypass security systems and exploit users' dependence on online privacy.

Protecting Your Personal Data

Cyber security professionals recommend that users only download apps from verified sources and check the developer's background before installation. It is also advised to avoid granting unnecessary permissions, particularly for accessibility, camera, or banking access. Regularly monitoring bank statements and enabling two-factor authentication can add an extra layer of protection against unauthorised transactions.