Massiv Android banking malware disguised as IPTV app
Malware Activity
Summary
Hide ▲
Show ▼
The Massiv Android banking malware is posing as an IPTV app to steal digital identities and access online banking accounts. It uses screen overlays, keylogging, and remote control to capture credentials and manipulate infected devices. It was also seen targeting a Portuguese government app tied to Chave Móvel Digital, broadening the risk to authentication and banking workflows. The lure pattern has spread across Spain, Portugal, France, and Turkey, increasing the reach of the fraud operation.
Related Happenings
Ousaban banking trojan retooled for Spain and Portugal
Malware Activity
H score33
First: 01.07.2026 16:45
Last: 01.07.2026 16:45
Sources 1
About this happening:
The **Ousaban** banking trojan has been **retooled** to target **banking customers in Spain and Portugal**, raising the risk of **credential theft** and **bank fraud**. It uses **...
Ousaban banking trojan retooled for Spain and Portugal
Malware ActivityAbout this happening: The **Ousaban** banking trojan has been **retooled** to target **banking customers in Spain and Portugal**, raising the risk of **credential theft** and **bank fraud**. It uses **...
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
Campaign
H score26
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
CampaignAbout this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro and BTMOB banking trojan activity targeting Windows and Android
Malware Activity
H score25
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...
Grandoreiro and BTMOB banking trojan activity targeting Windows and Android
Malware ActivityAbout this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...
Trapdoor Android malvertising and ad-fraud campaign
Campaign
H score39
First: 19.05.2026 19:38
Last: 19.05.2026 19:38
Sources 1
About this happening:
The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Trapdoor Android malvertising and ad-fraud campaign
CampaignAbout this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Timeline
-
19.02.2026 12:00 3 articles · 4mo ago
Massiv Android banking malware uses IPTV lures and remote control
Technical Analysis UpdateResearchers at ThreatFabric identified Massiv, a new Android banking malware that poses as an IPTV app to steal digital identities and access online banking accounts. It relies on screen overlays, keylogging, Android’s MediaProjection API live-streaming, and Accessibility Service UI-tree extraction to capture sensitive data and remotely control compromised devices, and it was linked to fake IPTV droppers targeting users in Spain, Portugal, France, and Turkey, including a campaign against a Portuguese government app connected to Chave Móvel Digital.
Show sources
- New 'Massiv' Android banking malware poses as an IPTV app — www.bleepingcomputer.com — 19.02.2026 12:00
- New 'Massiv' Android banking malware poses as an IPTV app — www.bleepingcomputer.com — 19.02.2026 12:00
- FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins — thehackernews.com — 05.06.2026 10:01