Details of a new Android trojan named Massiv, which is intended to enable device takeover (DTO) attacks for financial theft, have been made public by cybersecurity researchers. According to ThreatFabric, the malware poses as innocuous IPTV apps to trick victims, suggesting that the activity mainly targets users who are searching for online TV apps.

Similar to other families of Android banking malware, Massiv allows credential theft via a variety of techniques, including SMS interception, keylogging, screen streaming via Android's MediaProjection API, and phony overlays placed on top of banking and financial applications. Users are prompted by the overlay to input their credit card information and login credentials.
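For app-vetting teams, the capability mix listed above can be screened for statically. The following is an added example, not code from ThreatFabric or from the original article: it flags a decoded AndroidManifest.xml in which several of these capabilities co-occur. The mapping from each technique to a manifest indicator is a general Android heuristic assumed here, not taken from the Massiv analysis, and the sample manifest, package name and threshold are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical "IPTV" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.iptvplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".CastService"
        android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""

SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def capabilities(manifest_xml):
    """Return which of the article's technique classes the manifest could support."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    found = set()
    if perms & SMS_PERMS:
        found.add("sms_interception")
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        found.add("overlay")
    for svc in root.iter("service"):
        # Assumption: input capture is approximated by an accessibility service.
        if svc.get(ANDROID + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            found.add("accessibility_input_capture")
        # foregroundServiceType may hold several values joined with "|".
        fg_types = (svc.get(ANDROID + "foregroundServiceType") or "").split("|")
        if "mediaProjection" in fg_types:
            found.add("screen_streaming")
    return found

def triage(manifest_xml, threshold=3):
    """Flag for manual review when capabilities co-occur (threshold is an assumption)."""
    caps = capabilities(manifest_xml)
    return {"capabilities": sorted(caps), "review": len(caps) >= threshold}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A hit only means the app requests an unusual combination for a media player; legitimate apps use each of these permissions individually, so flagged packages still need manual analysis.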

The Portuguese public administration app gov.pt, which enables users to store identification documents and manage the Digital Mobile Key (also known as Chave Móvel Digital or CMD), has been the target of one such campaign.

"Massiv's operator is clearly moving in that direction, introducing API keys to be used in malware communication with the backend, even though it hasn't been seen being marketed as Malware-as-a-Service yet," according to ThreatFabric. "Code analysis revealed ongoing development, with more features likely to be introduced in the future."