A newly discovered Android banking malware called Massiv is spreading by pretending to be an IPTV streaming application, allowing attackers to steal digital identities and gain access to victims’ online banking accounts.

Security researchers at mobile threat intelligence firm ThreatFabric identified the campaign, which uses screen overlays and keylogging techniques to capture sensitive information entered on infected devices. Once installed, the malware can remotely control the phone, enabling cybercriminals to monitor activity and interact with apps without the user’s knowledge.

According to the researchers, Massiv specifically targeted a Portuguese government application linked to Chave Móvel Digital, Portugal’s digital authentication and electronic signature system. Access to this data could allow attackers to bypass identity verification processes and gain entry into banking platforms and other online services. In some cases, criminals reportedly opened new financial accounts using victims’ identities, later using those accounts for fraudulent transactions and money-laundering schemes.

The malware includes two remote-control modes. One allows attackers to live-stream the victim’s screen using Android’s MediaProjection API, while the other extracts interface data through Android Accessibility services. The Accessibility-based mode enables attackers to read screen content, press buttons, and edit text fields, even bypassing security protections that normally block screenshots inside banking apps.

Researchers also noted a growing trend of malware campaigns using IPTV apps as bait. Because pirated IPTV services are often downloaded from unofficial sources rather than Google Play, users are more likely to install unknown APK files. Many of these fake apps either install malware directly or display legitimate streaming websites to appear authentic while secretly deploying malicious software.

ThreatFabric warns that users in Spain, Portugal, France, and Turkey have been primary targets so far, but similar campaigns could expand globally. Android users are advised to download apps only from official stores, keep Google Play Protect enabled, and regularly scan devices to reduce the risk of infection.
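Since the campaign combines sideloaded APKs with abuse of Accessibility services, one practical device check is to list every app that has an Accessibility service enabled and was not installed from Google Play. The script below is an added example, not ThreatFabric's tooling; it parses the output of two standard `adb` commands, and the package names in the sample data and the allowlists are constructed assumptions.

```python
"""Flag apps with an enabled Accessibility service and an untrusted install source.

Feed it the text output of two commands run against your own device:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
"""

# Assumption: only Google Play counts as a trusted installer; adjust per fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample data (package names are illustrative, not from the report).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.iptvplayer/com.example.iptvplayer.HelperService")
SAMPLE_PKGS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.iptvplayer  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_accessibility(raw):
    """Return the set of packages that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset or empty
        return set()
    # Format is colon-separated component names: pkg/service.Class
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}

def parse_installers(raw):
    """Map package name -> installer package (None when none is recorded)."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = value if value not in ("", "null") else None
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_risky(a11y_raw, pkgs_raw, trusted=TRUSTED_INSTALLERS, allow=()):
    """Packages with accessibility enabled that lack a trusted installer.

    `allow` holds packages reviewed by hand, e.g. preinstalled system
    services, which report no installer and would otherwise be flagged.
    """
    installers = parse_installers(pkgs_raw)
    return sorted(p for p in parse_accessibility(a11y_raw)
                  if p not in allow and installers.get(p) not in trusted)

if __name__ == "__main__":
    print(flag_risky(SAMPLE_A11Y, SAMPLE_PKGS))
```

A flagged package is a prompt for review rather than proof of infection: check whether the app was installed deliberately and whether it has any reason to need Accessibility access.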

