Massiv Android Malware Poses as Streaming App, Steals Banking Data
A new Android malware campaign, dubbed 'Massiv,' is using a convincing disguise to rob users: a fully functional streaming app. Security researchers report the malicious software, posing as an IPTV service, is designed to steal banking credentials and personal data from millions of users, primarily in Europe and Latin America.
The app, distributed through third-party stores and social media, works well enough as a streamer to avoid raising alarms. In the background, however, it uses accessibility permissions to create fake login screens that appear over legitimate banking apps. When users enter their details, those details are sent directly to the attackers. The malware also intercepts SMS messages, bypassing a common form of two-factor authentication used by banks.
This operation is sophisticated. The criminals maintain a distribution network with customer support and subscription models, making the malicious service hard to distinguish from a real one. The malware's infrastructure is resilient, using multiple backup servers to stay online even if some are shut down.
The scheme exploits a common behavior: users seeking free or cheap streaming content often download apps from unofficial sources, sidestepping Google Play Store protections. The attackers even instruct users to disable Google's Play Protect during installation, framing it as a necessary step.
Security advice is straightforward but critical. Be extremely wary of any streaming app installed outside the official Play Store. Check device permissions for anything unusual and watch for excessive battery or data use, which can signal hidden malware. For businesses, this threat highlights the need for policies that restrict app sideloading on work devices. As long as demand for unofficial streaming remains high, these sophisticated traps will continue to be set.
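One way to carry out the permission check described above on a device connected over adb, as an added example that is not from the original article or the researchers: it flags apps not installed by the Play Store that hold an enabled accessibility service or a granted SMS permission, the combination this campaign relies on. It assumes the usual text output of `adb shell pm list packages -i -3`, `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <pkg>`; the package names and captures below are constructed, not indicators from the campaign.

```python
import re

PLAY_STORE = "com.android.vending"  # installer name recorded for Play Store installs
SMS_PERMS = ("android.permission.READ_SMS", "android.permission.RECEIVE_SMS")

def parse_installers(pm_out):
    """Map package -> installer from `pm list packages -i -3` output."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_out, re.M)
    return dict(found)

def parse_accessibility(settings_out):
    """Packages owning an enabled accessibility service (colon-separated components)."""
    value = settings_out.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/")[0] for comp in value.split(":") if comp}

def granted_sms(dumpsys_out):
    """SMS permissions marked granted=true in `dumpsys package <pkg>` output."""
    return [p for p in SMS_PERMS
            if re.search(re.escape(p) + r": granted=true", dumpsys_out)]

def audit(pm_out, settings_out, dumpsys_by_pkg):
    """Return {package: [reasons]} for sideloaded apps holding risky capabilities."""
    a11y = parse_accessibility(settings_out)
    findings = {}
    for pkg, installer in parse_installers(pm_out).items():
        if installer == PLAY_STORE:
            continue  # installed through Play; out of scope for this check
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        reasons += [p + " granted" for p in granted_sms(dumpsys_by_pkg.get(pkg, ""))]
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample captures (package names are made up for illustration).
PM_OUT = """package:com.example.iptvplayer  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
A11Y_OUT = "com.example.iptvplayer/com.example.iptvplayer.PlayerHelperService:com.example.notes/.ReaderService\n"
DUMPSYS = {"com.example.iptvplayer": "    android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]\n"
                                     "    android.permission.READ_SMS: granted=false\n"}

if __name__ == "__main__":
    for pkg, reasons in audit(PM_OUT, A11Y_OUT, DUMPSYS).items():
        print(pkg, "->", "; ".join(reasons))
```

A hit is a prompt for review rather than proof of infection: legitimate sideloaded tools can hold the same capabilities, so check what the flagged app is and where it came from.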
Original source: Webpronews