Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Massiv Android trojan device-takeover and credential-theft activity

Malware Activity
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The Massiv Android trojan has been disclosed as a device-takeover threat that can steal banking credentials and enable fraudulent transactions. It uses screen streaming, keylogging, SMS interception, and fake overlays to control infected phones and capture sensitive inputs. The malware is being spread through SMS phishing dropper apps that impersonate IPTV software, and one campaign has already targeted gov.pt. The activity has been seen across Spain, Portugal, France, and Turkey, making the threat relevant to mobile banking users beyond a single locale.

Related Happenings

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Open Happening

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...

Open Happening

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

Open Happening

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

Open Happening

CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific

Campaign
First: 08.05.2026 18:08 Last: 08.05.2026 18:08 Sources 1

About this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...

Open Happening

Timeline

  1. 19.02.2026 12:24 2 articles · 3mo ago

    Massiv Android trojan disclosed

    Initial Disclosure

    Researchers disclosed Massiv, a new Android trojan designed for device takeover and financial theft that masquerades as IPTV apps and is delivered through SMS phishing. Massiv supports screen streaming through Android's MediaProjection API, keylogging, SMS interception, fake overlays on banking and financial apps, and remote control via accessibility abuse; one campaign targeted gov.pt, and the activity was reported across Spain, Portugal, France, and Turkey.

    Show sources
    Open in new tab