IPTV Archives

AppWizard

March 19, 2026

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.

AppWizard

March 19, 2026

New Android malware hiding in streaming apps to spy on users’ personal notes

Researchers have discovered a sophisticated malware called Perseus that targets Android users by disguising itself within television streaming applications to steal sensitive information, including passwords and banking details. This malware, reported by ThreatFabric, primarily affects users in Turkey and Italy and is based on the leaked code of previous Android banking trojans, particularly Cerberus. Perseus masquerades as IPTV service apps, often downloaded from unofficial sources, and employs overlay attacks and keylogging techniques to capture user credentials. It specifically targets personal note-taking applications like Google Keep, Evernote, and Simple Notes to extract sensitive information stored within them. The malware landscape is evolving, with new threats like the banking trojan Herodotus and the Crocodilus variant, which can manipulate contact lists. Users are advised to be cautious when downloading applications from unofficial sources.

AppWizard

February 21, 2026

Android users put on high alert: Malware hides in TV streaming apps

A new strain of malware called Massiv has been identified by the fraud detection firm ThreatFabric. This malware disguises itself as legitimate IPTV applications to steal financial information and identities. IPTV refers to Internet Protocol Television, often associated with unauthorized content streaming. Many of these malicious apps are not found on reputable platforms, leading users to unofficial sources where malware can be embedded. The malware can monitor screens in real-time and extract data from the phone's Accessibility Service, allowing attackers to interact with devices without users' knowledge. Cybercriminals can then open bank accounts in victims' names, leading to debts with banks the victims have never interacted with. ThreatFabric has noted an increase in fake IPTV applications used for malware delivery, particularly in Portugal, Spain, France, and Turkey. Many of these apps do not provide free content but instead deliver malware. Users are advised to avoid sideloading applications from untrusted sources.

AppWizard

February 20, 2026

Dangerous Massiv Android malware poses as IPTV app to infect devices and steal banking info

Security researchers from ThreatFabric have identified a deceptive application named “Massiv,” which masquerades as a legitimate IPTV service but is actually a banking trojan designed to compromise users' financial security. The malware primarily targets users in Portugal, using tactics like screen overlays and keylogging to steal sensitive data. Many users download unofficial IPTV apps, which are often fraudulent and do not provide access to pirated broadcasts. The stolen information is exploited by cybercriminals to open fraudulent bank accounts and launder money, putting victims in precarious financial situations and posing risks to the integrity of financial systems.

AppWizard

February 19, 2026

New ‘Massiv’ Android banking malware poses as an IPTV app

A new strain of Android banking malware called Massiv is disguised as an IPTV application to steal digital identities and access online banking accounts. It uses screen overlays and keylogging techniques to capture sensitive information and can take remote control of compromised devices. Massiv has been observed targeting a Portuguese government application related to Chave Móvel Digital, which contains user data that could bypass know-your-customer (KYC) verifications. The malware allows fraudsters to open accounts in the victim's name at new banks and services, enabling money laundering and loan acquisition. Massiv features two remote control modes: a screen live-streaming mode and a UI-tree mode that extracts structured data from the Accessibility Service. There has been an increase in the use of IPTV applications as bait for Android malware infections, with many of these apps serving as droppers for the malware. The fake IPTV apps primarily target users in Spain, Portugal, France, and Turkey. Users are advised to download applications only from reputable sources and keep security measures active.