Massiv Android trojan device-takeover and credential-theft activity
Malware Activity
Summary
Hide ▲
Show ▼
The Massiv Android trojan has been disclosed as a device-takeover threat that can steal banking credentials and enable fraudulent transactions. It uses screen streaming, keylogging, SMS interception, and fake overlays to control infected phones and capture sensitive inputs. The malware is being spread through SMS phishing dropper apps that impersonate IPTV software, and one campaign has already targeted gov.pt. The activity has been seen across Spain, Portugal, France, and Turkey, making the threat relevant to mobile banking users beyond a single locale.
Related Happenings
RedWing Android spyware rented through Telegram
Malware Activity
H score21
First: 08.07.2026 18:30
Last: 08.07.2026 18:30
Sources 1
About this happening:
The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...
RedWing Android spyware rented through Telegram
Malware ActivityAbout this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...
RedWing Android bank-fraud malware rental service
Malware Activity
H score21
First: 07.07.2026 20:10
Last: 07.07.2026 20:10
Sources 1
About this happening:
The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...
RedWing Android bank-fraud malware rental service
Malware ActivityAbout this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
NFCShare Android malware spreads via fake banking-app updates
Malware Activity
H score21
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare Android malware spreads via fake banking-app updates
Malware ActivityAbout this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare fake banking-app update phishing campaign
Campaign
H score40
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
NFCShare fake banking-app update phishing campaign
CampaignAbout this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
Timeline
-
19.02.2026 12:24 2 articles · 4mo ago
Massiv Android trojan disclosed
Initial DisclosureResearchers disclosed Massiv, a new Android trojan designed for device takeover and financial theft that masquerades as IPTV apps and is delivered through SMS phishing. Massiv supports screen streaming through Android's MediaProjection API, keylogging, SMS interception, fake overlays on banking and financial apps, and remote control via accessibility abuse; one campaign targeted gov.pt, and the activity was reported across Spain, Portugal, France, and Turkey.
Show sources
- Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users — thehackernews.com — 19.02.2026 12:24
- Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users — thehackernews.com — 19.02.2026 12:24