As a result of the convenience of mobile streaming, user behavior has quietly been reshaped, normalizing the practice of downloading applications outside of official app marketplaces that have been guarded. In this gray area of digital consumption, a recently discovered Android banking Trojan known as Massiv has begun to circulate, resulting in an alert to security researchers.
A malware program disguised as an IPTV application and distributed by convincingly crafted third-party websites capitalizes on a routine that many users no longer question as a threat. Instead of providing a shortcut to premium or region-locked entertainment, cybercriminals are now using this shortcut as a conduit for financial intrusion, illustrating how cybercriminals are evolving in concert with changing consumer trends.
A subsequent technical analysis conducted by the ThreatFabric mobile threat intelligence team revealed that Massiv incorporates a multilayered attack framework designed to bypass contemporary mobile security safeguards. In addition to intercepting user input, the Trojan uses keylogging capabilities to capture authenticating credentials in real time through screen overlay techniques.
In Portugal, it primarily targets two critical applications, a government service platform and an accompanying digital authentication infrastructure known as Chave Móvel Digital.
The Massive product embeds itself within the Accessibility Service and extracts structured interface data, including visible text strings, user interface element identifiers, screen coordinates, and interaction metadata, enabling operators to reconstruct user sessions without relying solely upon traditional screen capture techniques.
According to researchers, this secondary data extraction method is particularly useful against banking and communication applications with screen recording restrictions, effectively neutralizing a common defensive control.
By collecting credentials and identity information, threat actors can go beyond immediate account compromise with their harvested credentials and identity data.
As a result of investigations, fraudulent financial accounts were opened by investigators on behalf of victims across institutions where they had never previously engaged.
Once these newly established accounts are fully controlled by the attackers, they are integrated into broader financial abuse schemes, facilitating illicit fund transfers, loan applications and structured cash outs.
It is important to note that the effect of the theft extends beyond temporary account access; victims may be exposed to long-term financial responsibilities linked to accounts and debts they did not authorize or recognize, thus illustrating a shift from opportunistic theft to systematic exploitation of people’s identities.
Throughout Massiv’s architecture, surveillance, deception, and remote manipulation techniques are combined to achieve sustained control over compromised devices through deliberate convergence. By deploying screen overlays mimicking legitimate login interfaces, the malware attempts to harvest credentials unknowingly, prompting users to provide their authentication information into attacker-controlled forms.
The embedded keylogging functionality allows for the collection of credentials and other sensitive data in real time by capturing typed
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: