Massiv, a new Android banking malware, is posing as an IPTV app to steal digital identities and access online banking accounts. The malware uses sophisticated techniques such as screen overlays, keylogging, and remote control to compromise devices.
Targeted Regions and Methods
ThreatFabric has observed Massiv targeting a Portuguese government app linked to Chave Móvel Digital. This connection allows attackers to bypass know-your-customer (KYC) verification and access banking services. The malware has primarily targeted users in Spain, Portugal, France, and Turkey over the past eight months.
Technical Capabilities
Massiv offers two remote control modes: a screen live-streaming mode using Android's MediaProjection API and a UI-tree mode via the Accessibility Service. These modes enable attackers to extract visible text, interact with interface elements, and bypass screen-capture protections in sensitive apps.
Security Recommendations
Researchers recommend downloading apps only from official channels like Google Play, keeping Play Protect active, and regularly scanning devices. This approach helps mitigate the risks posed by fake IPTV apps used as malware droppers.