Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Massiv Android banking malware disguised as IPTV app

Malware Activity
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

The Massiv Android banking malware is posing as an IPTV app to steal digital identities and access online banking accounts. It uses screen overlays, keylogging, and remote control to capture credentials and manipulate infected devices. It was also seen targeting a Portuguese government app tied to Chave Móvel Digital, broadening the risk to authentication and banking workflows. The lure pattern has spread across Spain, Portugal, France, and Turkey, increasing the reach of the fraud operation.

Related Happenings

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Open Happening

Trapdoor Android malvertising and ad-fraud campaign

Campaign
First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

Open Happening

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

Open Happening

TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria

Campaign
First: 11.05.2026 18:15 Last: 11.05.2026 18:15 Sources 1

About this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....

Open Happening

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

Open Happening

Timeline

  1. 19.02.2026 12:00 2 articles · 3mo ago

    Massiv Android banking malware uses IPTV lures and remote control

    Technical Analysis Update

    Researchers at ThreatFabric identified Massiv, a new Android banking malware that poses as an IPTV app to steal digital identities and access online banking accounts. It relies on screen overlays, keylogging, Android’s MediaProjection API live-streaming, and Accessibility Service UI-tree extraction to capture sensitive data and remotely control compromised devices, and it was linked to fake IPTV droppers targeting users in Spain, Portugal, France, and Turkey, including a campaign against a Portuguese government app connected to Chave Móvel Digital.

    Show sources
    Open in new tab