A wave of malicious Android apps disguised as IPTV streaming services is quietly hijacking sensitive financial data, according to new research from cybersecurity firm ThreatFabric. Unlike typical phishing scams, these apps don’t just ask for passwords—they actively steal them by logging keystrokes and overlaying fake screens to bypass banking app protections.

The malware, dubbed Massiv, doesn’t just capture credentials—it can remotely control infected devices, open fraudulent financial accounts, and even launder money through stolen identities. While the apps mimic legitimate IPTV interfaces, they’re entirely non-functional, serving only as a Trojan horse to deploy the malware in the background.

To keep users hooked, attackers embed cloned versions of real IPTV websites within the apps, creating the illusion of functionality while the malware operates silently. The campaign has already targeted European users heavily, with Portuguese victims among the most affected.

Fake IPTV Apps Are Stealing Bank Logins—Here’s How to Avoid the Trap
  • Malware name: Massiv
  • Primary attack vector: Fake IPTV apps (non-functional)
  • Key tactics: Keylogging, screen overlays, remote device control
  • Targeted region: Europe (Portugal hardest hit)
  • End goal: Steal banking credentials, open fraudulent accounts, launder money

While legal IPTV apps exist in official stores like Google Play, the malicious versions are distributed through third-party sites—often violating copyright laws in the process. The real danger lies in their deceptive appearance: they look and feel like legitimate streaming tools but are designed solely to harvest data.

To protect against this threat, users should avoid sideloading apps from unofficial sources, disable unnecessary permissions for new installations, and enable Google Play Protect for added security. Installing a trusted antivirus app can also help detect suspicious behavior before it escalates.

This isn’t the first time malware has disguised itself as entertainment software, but the sophistication of Massiv—particularly its ability to evade banking app safeguards—makes it one of the more aggressive threats in recent memory.