Massiv Malware Targets Mobile Banking Users Through Bogus IPTV Downloads
Cybersecurity firm ThreatFabric has identified a new Android malware strain called Massiv that enables criminals to take over victims’ phones and steal money from their bank accounts.
The malware spreads through fake IPTV apps distributed via SMS phishing. Posing as an “important update,” it tricks users into granting permissions that give attackers full control of the device. Findings shared with The Hacker News warn that despite limited campaigns so far, the threat to mobile banking users is significant.
Massiv has primarily targeted users in Portugal and Greece. In one campaign, attackers impersonated Portugal’s government services app, gov.pt, stealing phone numbers and PIN codes — in some cases using the data to open bank accounts for fraud or money laundering.
Once installed, Massiv can remotely control the phone, hide activity with a black screen, intercept text messages, capture banking credentials, and install additional malware. Unlike some past cases, legitimate IPTV apps were not infected. Instead, fake apps were created solely to distribute the malicious software.
How to Protect Yourself
- Avoid downloading apps from links sent via SMS or messaging apps
- Install apps only from official app stores
- Be cautious of streaming or IPTV apps offering “free” content
- Carefully review app permissions before granting access
- Avoid allowing apps to install software from unknown sources
- Keep your phone’s operating system and apps updated
- Use mobile security software from trusted providers
- Immediately contact your bank if you notice suspicious activity
Massiv highlights the growing sophistication of Android banking threats — and the increasing risks facing mobile users worldwide.
Source: https://thehackernews.com/2026/02/fake-iptv-apps-spread-massiv-android.html