How fake Android IPTV apps are stealing users’ money and data | Kaspersky official blog
Fake Android IPTV apps are being used by cybercriminals to distribute malware that steals user credentials, financial data, and cryptocurrency assets. These malicious apps often mimic legitimate IPTV services but provide no real content, instead using overlays and keyloggers to capture sensitive information. Notably, malware strains like the Massiv banking Trojan and Perseus exploit Android Accessibility Services to gain remote control of devices, capture screenshots, log keystrokes, and extract data from note-taking apps. The threat primarily targets users seeking free or cheap IPTV services, often distributed via unofficial third-party stores. Users are advised to avoid unofficial app sources and use robust security solutions to protect their devices and data.
AI Analysis
Technical Summary
Cybercriminals distribute fake Android IPTV apps that masquerade as legitimate or pirated IPTV services to infect devices with malware. The Massiv banking Trojan and Perseus malware strains have been identified using this tactic. Massiv displays fake login windows and records keystrokes to steal banking credentials. Perseus abuses Android Accessibility Services to remotely control devices, capture screenshots, mimic user interactions, and extract sensitive data including passwords and recovery phrases from popular note-taking apps. These capabilities enable attackers to steal money from banking and cryptocurrency accounts. The malware is primarily spread through third-party app stores and targets users in multiple countries, including Portugal, Spain, France, and Türkiye. The threat is heightened around major events like the FIFA World Cup 2026, when demand for IPTV apps surges.
Potential Impact
The malware distributed via fake IPTV apps can lead to theft of banking credentials, cryptocurrency assets, and other sensitive personal data. It can hijack device control, capture keystrokes, and exfiltrate screenshots and UI data, enabling attackers to bypass security controls and drain victims' financial accounts. The threat affects Android users who install IPTV apps from unofficial sources, exposing them to financial loss and privacy breaches. There are no known exploits in the wild beyond the described campaigns, but the impact on victims can be significant.
Mitigation Recommendations
No official patch or fix is applicable as this is malware distributed via fake apps rather than a software vulnerability. Users should avoid downloading IPTV apps from unofficial or third-party stores. Even when using official app stores, carefully review user feedback to detect potential fakes. Installing reputable mobile security software can help detect and block malicious apps. Avoid storing sensitive information such as passwords or recovery phrases in note-taking apps. Use a reliable password manager with encrypted storage for sensitive data. These measures reduce the risk of infection and data theft from such malware.
Affected Countries
Portugal, Spain, France, Türkiye
How fake Android IPTV apps are stealing users’ money and data | Kaspersky official blog
Description
Fake Android IPTV apps are being used by cybercriminals to distribute malware that steals user credentials, financial data, and cryptocurrency assets. These malicious apps often mimic legitimate IPTV services but provide no real content, instead using overlays and keyloggers to capture sensitive information. Notably, malware strains like the Massiv banking Trojan and Perseus exploit Android Accessibility Services to gain remote control of devices, capture screenshots, log keystrokes, and extract data from note-taking apps. The threat primarily targets users seeking free or cheap IPTV services, often distributed via unofficial third-party stores. Users are advised to avoid unofficial app sources and use robust security solutions to protect their devices and data.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Cybercriminals distribute fake Android IPTV apps that masquerade as legitimate or pirated IPTV services to infect devices with malware. The Massiv banking Trojan and Perseus malware strains have been identified using this tactic. Massiv displays fake login windows and records keystrokes to steal banking credentials. Perseus abuses Android Accessibility Services to remotely control devices, capture screenshots, mimic user interactions, and extract sensitive data including passwords and recovery phrases from popular note-taking apps. These capabilities enable attackers to steal money from banking and cryptocurrency accounts. The malware is primarily spread through third-party app stores and targets users in multiple countries, including Portugal, Spain, France, and Türkiye. The threat is heightened around major events like the FIFA World Cup 2026, when demand for IPTV apps surges.
Potential Impact
The malware distributed via fake IPTV apps can lead to theft of banking credentials, cryptocurrency assets, and other sensitive personal data. It can hijack device control, capture keystrokes, and exfiltrate screenshots and UI data, enabling attackers to bypass security controls and drain victims' financial accounts. The threat affects Android users who install IPTV apps from unofficial sources, exposing them to financial loss and privacy breaches. There are no known exploits in the wild beyond the described campaigns, but the impact on victims can be significant.
Mitigation Recommendations
No official patch or fix is applicable as this is malware distributed via fake apps rather than a software vulnerability. Users should avoid downloading IPTV apps from unofficial or third-party stores. Even when using official app stores, carefully review user feedback to detect potential fakes. Installing reputable mobile security software can help detect and block malicious apps. Avoid storing sensitive information such as passwords or recovery phrases in note-taking apps. Use a reliable password manager with encrypted storage for sensitive data. These measures reduce the risk of infection and data theft from such malware.
Technical Details
- Article Source
- {"url":"https://www.kaspersky.com/blog/fake-iptv-apps-spread-android-malware/55872/","fetched":true,"fetchedAt":"2026-05-29T13:09:53.129Z","wordCount":1453}
Threat ID: 6a199021e29bf47b50e74856
Added to database: 5/29/2026, 1:09:53 PM
Last enriched: 5/29/2026, 1:09:59 PM
Last updated: 5/29/2026, 6:26:28 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.