Insights, news, education and announcements from PolySwarm | Android banking trojan

Massiv Android Banking Trojan

Feb 23, 2026 2:39:35 PM / by The Hivemind posted in Threat Bulletin, device takeover, Android banking trojan, Android Overlay Attacks, IPTV masquerade, mobile banking fraud, remote control Android, Massiv malware, southern Europe threats

Verticals Targeted: Financial, Government
Regions Targeted: Southern Europe
Related Families: None

Executive Summary

Massiv represents an emerging Android banking Trojan family capable of overlay-based credential theft, keylogging, message interception, and full device takeover via remote control features, enabling fraudulent transactions and account manipulations. Distributed primarily through fake IPTV applications sideloaded outside official stores, it has facilitated confirmed fraud in southern Europe, particularly exploiting Portuguese government digital identity tools for bypassing security verifications.

Read More

Albiriox Android Malware

Dec 8, 2025 1:43:05 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, on-device fraud, overlay attacks, Android banking trojan, MaaS Malware, Mobile RAT, Android Overlay Attacks, Golden Crypt, Albiriox, Russian-speaking Threat Actors

Verticals Targeted: Financial, Cryptocurrency
Regions Targeted: Austria, Global
Related Families: None

Read More

RatOn Android Malware

Sep 19, 2025 2:18:19 PM / by The Hivemind posted in Threat Bulletin, overlay attacks, Accessibility Services abuse, RatOn, Android banking trojan, automated transfer system, cryptocurrency wallet takeover, mobile malware, NFSkate, NFC relay attack

Verticals Targeted: Financial
Regions Targeted: Czech Republic, Slovakia
Related Families: NFSkate

Executive Summary

RatOn is a sophisticated Android banking trojan that integrates NFC relay capabilities with remote access and automated transfer functionalities, marking a notable evolution in mobile fraud tactics.

Read More