Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

• Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover (DTO) attacks for financial theft.
• The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications.
• “This new threat, while only seen in a limited number of rather targeted campaigns, already poses a great risk to the users of mobile banking, allowing its operators to remotely control infected devices and perform device takeover attacks with further fraudulent transactions performed from the victim’s banking accounts,” the Dutch mobile security company said in a report shared with The Hacker News.
• ThreatFabric told The Hacker News via email that the malware was first spotted in a campaign targeting users in Portugal and Greece earlier this year, although it has observed samples dating back to the start of 2025 as part of smaller test campaigns.
• Like various Android banking malware families, Massiv supports a wide range of features to facilitate credential theft through a number of methods: screen streaming through Android’s MediaProjection API, keylogging, SMS interception, and fake overlays served atop banking and financial apps.
• The overlay asks users to enter their credentials and credit card details.

Article Summaries:

  • Cybersecurity researchers have identified a new Android trojan, Massiv, that masquerades as IPTV apps to target mobile banking users. First seen in campaigns against users in Portugal and Greece, the malware enables device takeover (DTO) attacks, allowing attackers to remotely control infected phones and conduct fraudulent transactions. Massiv employs keylogging, SMS interception, screen streaming, and fake overlays that prompt users to enter banking credentials or personal data. It also bypasses screen‑capture protection via UI‑tree mode, enabling stealthy remote control. The threat has already been linked to credential theft, new bank account openings, and potential money‑laundering schemes.

Sources: