Find notable cyber news and cases, enriched with sources, timelines, and signals.

Massiv Android banking malware disguised as IPTV app

Malware Activity
First reported
Last updated
Happening score
H score 27
2 unique sources, 2 articles

Summary

Hide ▲

The Massiv Android banking malware is posing as an IPTV app to steal digital identities and access online banking accounts. It uses screen overlays, keylogging, and remote control to capture credentials and manipulate infected devices. It was also seen targeting a Portuguese government app tied to Chave Móvel Digital, broadening the risk to authentication and banking workflows. The lure pattern has spread across Spain, Portugal, France, and Turkey, increasing the reach of the fraud operation.

Related Happenings

Ousaban banking trojan retooled for Spain and Portugal

Malware Activity
H score33 First: 01.07.2026 16:45 Last: 01.07.2026 16:45 Sources 1

About this happening: The **Ousaban** banking trojan has been **retooled** to target **banking customers in Spain and Portugal**, raising the risk of **credential theft** and **bank fraud**. It uses **...

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
H score26 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
H score25 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

Trapdoor Android malvertising and ad-fraud campaign

Campaign
H score39 First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

Timeline

  1. 19.02.2026 12:00 3 articles · 4mo ago

    Massiv Android banking malware uses IPTV lures and remote control

    Technical Analysis Update

    Researchers at ThreatFabric identified Massiv, a new Android banking malware that poses as an IPTV app to steal digital identities and access online banking accounts. It relies on screen overlays, keylogging, Android’s MediaProjection API live-streaming, and Accessibility Service UI-tree extraction to capture sensitive data and remotely control compromised devices, and it was linked to fake IPTV droppers targeting users in Spain, Portugal, France, and Turkey, including a campaign against a Portuguese government app connected to Chave Móvel Digital.

    Show sources