Ethical Hacking News
A new type of Android banking malware, dubbed "Massiv," has been discovered posing as an IPTV app on the Google Play Store. This malicious software is designed to steal users' digital identities and gain access to their online banking accounts. Android users are advised to be cautious when downloading apps from unofficial sources and to implement robust security measures to protect against malware threats.
Massiv, a banking malware, has been discovered on the Google Play Store posing as an IPTV app. The malware steals users' digital identities and gains access to their online banking accounts. Researchers have identified cases where Massiv targeted Portugal's government app that connects with Chave Móvel Digital. The malware provides two remote control modes for its operators, including screen live-streaming and UI-tree mode. The use of IPTV apps as lures for Android malware infections has increased over the past eight months. Android users are advised to download vetted apps from reputable publishers, keep Play Protect active, and regularly scan their devices.
Android banking malware, dubbed "Massiv," has been discovered to pose as an IPTV app on the Google Play Store. This malicious software is designed to steal users' digital identities and gain access to their online banking accounts.
Researchers at fraud detection and mobile threat intelligence company ThreatFabric have identified cases where Massiv targeted a Portuguese government app that connects with Chave Móvel Digital - Portugal’s digital authentication and signature system. The two services contain user data that could be used to bypass know-your-customer (KYC) verifications or access banking accounts and other public and private online services.
In addition to its ability to steal sensitive information, Massiv also provides two remote control modes for its operators: a screen live-streaming mode that leverages Android's MediaProjection API, and a UI-tree mode that extracts structured data from the Accessibility Service. The latter includes visible text, interface element names, screen coordinates, and interaction attributes, allowing attackers to click buttons, edit text fields, and more.
The use of IPTV apps as lures for Android malware infections has increased over the past eight months, according to ThreatFabric's research. These apps typically play a key role in copyright infringement and cannot be found on Google Play due to policy violations. However, they can often be sourced from unofficial channels, which is considered normal for users accustomed to sideloading them.
Fake IPTV app droppers have primarily targeted users in Spain, Portugal, France, and Turkey. In most cases, the IPTV app is fake, does not offer access to pirated broadcasts, and the APK is a dropper that installs the malware payload. In some cases, the app displays a legitimate IPTV website in a WebView to maintain the illusion.
Android users are recommended to only download vetted apps from reputable publishers available on official channels (Google Play), keep Play Protect active, and use it to regularly scan the device.
The discovery of Massiv highlights the need for vigilance among Android users when downloading apps from unofficial sources. It also underscores the importance of implementing robust security measures, such as regular scanning and updating, to protect against malware threats.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Massiv-Android-Banking-Malware-Posing-as-IPTV-App-Threatens-User-Digital-Identities-ehn.shtml
https://www.bleepingcomputer.com/news/security/new-massiv-android-banking-malware-poses-as-an-iptv-app/
https://www.bankinfosecurity.com/massiv-attack-android-trojan-targets-iptv-users-a-30794
https://www.threatfabric.com/blogs/massiv-when-your-iptv-app-terminates-your-savings
Published: Thu Feb 19 04:27:01 2026 by llama3.2 3B Q4_K_M
