Massiv Android Banking Malware Disguises Itself as IPTV App, Steals User Data


Massiv Android Banking Malware Disguises Itself as IPTV App

Researchers at ThreatFabric have identified a new Android banking malware, dubbed Massiv, which disguises itself as an IPTV app to steal sensitive data and access online banking accounts.

Malware Capabilities

The malware utilizes screen overlays and keylogging techniques to obtain digital identities, and can also take remote control of compromised devices.

According to ThreatFabric’s report, the malware has been used to open new accounts in the name of unsuspecting victims, which are then used for money laundering and other malicious activities.

Remote Control Capabilities

Massiv’s operators can control compromised devices in two modes: a screen live-streaming mode that leverages Android’s MediaProjection API, and a UI-tree mode that extracts structured data from the Accessibility Service.

UI-Tree Mode

The latter mode allows attackers to extract visible text, interface element names, screen coordinates, and interaction attributes, enabling them to interact with compromised devices and bypass screen-capture protections.

Targeted Campaigns

In a recent campaign, Massiv targeted a Portuguese government app connected to the Chave Móvel Digital system, which contains user data that could be used to bypass know-your-customer (KYC) verifications or access banking accounts and other online services.

Increasing Trend of IPTV App Lures

The discovery of Massiv highlights a growing trend in the use of IPTV apps as lures for Android malware infections.

Unofficial Channels

These apps, often used for copyright infringement, are typically not available on Google Play due to policy violations and are instead sourced as APKs from unofficial channels.

Precautions and Risks

Android users are advised to exercise caution when installing apps from unofficial sources, as this can increase the risk of malware infections.

ThreatFabric’s research indicates that malware droppers masquerading as IPTV apps have primarily targeted users in Spain, Portugal, France, and Turkey.

Conclusion

The use of IPTV apps as a lure for malware infections is a concerning trend, as it exploits the trust of users who are accustomed to sideloading these types of apps.

As the threat landscape continues to evolve, it is essential for users to remain vigilant and take necessary precautions to protect their devices and sensitive data.


