Cybersecurity researchers uncovered a dangerous new Android trojan. They call it Massiv. Fake IPTV apps deliver this malware to steal banking credentials and take over devices.
How the Malware Spreads
Attackers send SMS phishing messages. These messages push fake IPTV apps. Victims download and install the dropper. It looks like a normal TV streaming tool. The dropper asks for permission to install from unknown sources. It then installs the real Massiv trojan. For example, one dropper pretends to be “IPTV24.” Another uses the name “Google Play” to trick users.
Massiv focuses on mobile banking users. It enables device takeover attacks. Attackers perform fraudulent transactions from the victim’s account. The malware targets Portugal, Greece, Spain, France, and Turkey mostly.
Campaigns started small in early 2025. They grew more targeted this year. Therefore, financial fraud risks increase quickly for victims.
Powerful Stealing Features
Massiv uses several methods to grab credentials. It streams screens through MediaProjection API. It logs keystrokes and intercepts SMS messages. Fake overlays appear over banking apps to capture details.
When apps block screen capture, Massiv switches to UI-tree mode. It scans AccessibilityNodeInfo objects. This builds a JSON view of the screen. Attackers see text, coordinates, and clickable elements.
Remote Control Abilities
Massiv supports many harmful actions. It enables black overlays and mutes sound. It performs clicks, swipes, and clipboard changes. Moreover, it unlocks devices with patterns or PINs.
The trojan downloads overlay ZIPs for specific apps. It installs additional APKs quietly. It opens settings screens to disable protections. Attackers gain full remote control this way.
Evasion and Communication
Massiv communicates with a backend server. It uses API keys for secure talks. This setup shows ongoing development. New features may appear soon. The malware acts like a turnkey solution. Operators show signs of Malware-as-a-Service plans. Therefore, more cybercriminals could adopt it fast.
Fake IPTV droppers surged in recent months. They target users seeking free TV apps. Massiv joins a crowded field of banking trojans. Its advanced overlay and UI-tree tricks make it stand out.
This reflects high demand for mobile takeover tools. Attackers refine techniques constantly. Consequently, banking users face rising dangers.
Prevention Strategies
Users can protect devices with simple strong habits. First, avoid installing apps from SMS links or unknown sources. Always download from official stores only. Moreover, use continuous monitoring to detect unusual accessibility service activity, screen overlays, or frequent outbound connections early.
Enable strict permission controls and review app requests carefully. Regularly scan devices for suspicious behavior. These steps greatly reduce the risk of Massiv and similar trojans taking control.
Sleep well, we got you covered.
