New 'Massiv' Android banking malware poses as an IPTV app

• New ‘Massiv’ Android banking malware poses as an IPTV app February 19, 2026 05:00 AM 0 A new Android banking malware, which researchers named Massiv, is posing as an IPTV app to steal digital identities and access online banking accounts. • The malware relies on screen overlays and keylogging to obtain sensitive data and can take remote control of a compromised device. • In a campaign observed by researchers at fraud detection and mobile threat intelligence company ThreatFabric, Massiv targeted a Portuguese government app that connects with Chave Móvel Digital - Portugal’s digital authentication and signature system. • The two service contain user data that could be used to bypass know-your-customer (KYC) verifications or to access banking accounts and other public and private online services. • “MTI research identified cases where new accounts were opened in the name of the victim (user of the infected device) in new banks and services (not used by the victim),“describes the ThreatFabric report. • “Since those accounts are fully under fraudster control, they can further use them as a part of money laundering scheme as well as getting loans and cashing out the money, leaving unsuspecting victim in debts in the bank they never opened account themselves.” Massiv provides two remote control modes for its operators: a screen live-streaming mode that leverages Android’s MediaProjection API, and a UI-tree mode that extracts structured data from the Accessibility Service.

Article Summaries:

• A new Android banking trojan, dubbed Massiv, has been identified by ThreatFabric researchers. The malware masquerades as an IPTV app, using screen‑overlay and keylogging techniques to harvest login credentials and gain remote control of infected devices. In a recent campaign, Massiv targeted a Portuguese government app that interfaces with Chave Móvel Digital, the country’s digital authentication system, enabling attackers to create new bank accounts in victims’ names and facilitate money‑laundering schemes. The trojan offers two remote‑control modes-live‑streaming via MediaProjection and UI‑tree extraction via Accessibility Service-to bypass screen‑capture protections. ThreatFabric warns that fake IPTV apps are increasingly used as infection vectors, urging users to download only vetted apps from official channels.

Sources:

• https://www.bleepingcomputer.com/news/security/new-massiv-android-banking-malware-poses-as-an-iptv-app/