How I prep my solar power stations for weather emergencies – before it’s too late

With severe weather becoming more common, you need a plan before the lights go out. Here’s mine.

Latest news – ​Read More

How fake Android IPTV apps are stealing users’ money and data | Kaspersky official blog

Threat actors are already gearing up for this year’s biggest football (soccer) event, the FIFA World Cup 2026. With millions of fans looking for ways to stream matches online, many will turn to IPTV apps to watch live TV broadcasts over the internet. It’s no surprise, then, that cybersecurity researchers have discovered multiple campaigns over the past few months where malware was disguised as fake Android IPTV apps.

In this post, we discuss what IPTV apps are, how criminals use fake versions to spread malware, what this malware is capable of, and, most importantly, how to avoid becoming a victim.

What are IPTV apps?

IPTV stands for Internet Protocol Television. This technology delivers TV content over the internet instead of through cable, over-the-air antennas, or satellites. Naturally, the simplest and most common examples of IPTV are the official platforms of TV networks, which can include both websites and dedicated apps.

However, alongside official options, pirate IPTV services also exist. They usually lure users with free or dirt-cheap access to content that can otherwise be hard to find without expensive subscriptions — most notably broadcasts of various sporting events; football matches in particular.

As is typically the case with pirated content, these apps are blocked from official app stores, forcing users to download them from third-party sites. Consequently, the risk of using these services isn’t tied to IPTV technology itself, but rather to the fake apps and modified APK files distributed under the guise of well-known platforms — both official and pirated.

Massiv banking Trojan disguised as IPTV apps

For instance, in February researchers found the Massiv banking Trojan distributed under the guise of fake IPTV apps. Even then, experts noted that this wasn’t the only malware leveraging this tactic — several others were also spotted in the wild. The primary targets of these IPTV-mimicking malicious fakes have mostly been users in Portugal, Spain, France, and Türkiye.

In most cases, the discovered fake IPTV apps lacked the advertised functionality, so users didn’t get access to any content after installing the apps. Instead, the fake app would open the website of a legitimate IPTV service in a built-in browser to mimic normal functioning and avoid raising user suspicion.

Of course, the most interesting activity happened out of the user’s sight. These are some of the features the malware did have:

  • Displaying fake windows on top of legitimate ones: fake forms for entering bank details or signing in to official services, as shown in the screenshot below.
  • Activating a keylogger: recording and transmitting screen keyboard taps to the attackers.
  • Hijacking control of the compromised device.
Massiv Trojan steals Chave Móvel Digital data

The Massiv banking Trojan mimics the interface of the Portuguese government app Chave Móvel Digital in a fake pop-up window, looking even more convincing than the official version from Google Play. Source

Perseus steals valuable information from users’ notes

In March, researchers reported on a new campaign where several fake IPTV apps were used to distribute an even more advanced and feature-rich malware strain: Perseus.

Research into Perseus shows that the malware is based on the source code of an Android banking Trojan called Cerberus, which leaked nearly six years ago. Perseus comes in two different versions: Turkish and English. The English-language version is more advanced and shows clear signs of AI-driven refinement.

Perseus abuses Accessibility Services, a set of Android features originally designed to make life easier for users with severe visual impairments. Fraudsters learned long ago how to leverage this tool to steal data from Android devices — a topic we’ve covered in detail across several of our posts.

Fake IPTV app used for distributing Perseus

An example of a malicious APK disguised as Roja Directa TV, another IPTV app. Source

By abusing Accessibility Services, Perseus gains remote control over the victim’s device. Here’s what it can do:

  • Continuously capture and exfiltrate screenshots.
  • Send a structured map of the device’s UI for remote manipulation.
  • Mimic taps, swipes, text input, long presses, and other UI interactions.
  • Turn on the screen, launch apps, and block them from running.
  • Trigger a pitch-black screen overlay to hide its activities.
  • Log keystrokes.

On top of that, the English-language version of Perseus boasts another notable feature. The malware can hunt for sensitive information like passwords, recovery phrases, and financial data across an entire range of note-taking apps: Google Keep, Xiaomi Notes, Samsung Notes, ColorNote, Evernote, Microsoft OneNote, and Simple Notes.

All of these capabilities help criminals drain football fans’ money not just from various banking services, but from cryptocurrency apps as well.

How not to let cybercrooks ruin your World Cup

The World Cup is just around the corner, and millions of fans worldwide will definitely want to tune in to this year’s premier football event. Past experience shows that cybercriminals frequently cash in on major spectacles like this. So, how can you watch the  matches safely?

  • Don’t download apps from unofficial stores.
  • Even when downloading an app from an official store — since malware occasionally slips through the cracks there, too— read the reviews carefully. Users who have been burned by fakes and malware often leave comments to warn others.
  • Install a robust security app to keep all your devices safe from malware.
  • Avoid storing passwords or other sensitive information in note-taking apps. To ensure your data and finances stay secure, use a reliable password manager. By the way, Kaspersky Password Manager includes an encrypted note-taking feature, allowing you to store your valuable information safely.

You can’t even watch TV safely anymore these days! Check out other threats facing TV lovers:

Kaspersky official blog – ​Read More

This Lenovo laptop I tested rivals the MacBook Air in ways Windows PCs once struggled in

The Slim 7x (2026) has impressive performance improvements, but its target user – the modern professional – remains the same.

Latest news – ​Read More

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March.

The post California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025.

GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to

The Hacker News – ​Read More

5 best practices for migrating to a new CRM

Switching CRMs risks data loss and workflow disruption. These five best practices keep things on track.

Latest news – ​Read More

I tried different Android Auto weather apps – these 3 are best for storm nerds like me

There aren’t many weather apps for Android Auto, but the ones I found work very well.

Latest news – ​Read More

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates.

According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

The Hacker News – ​Read More

The Deliverability Problem: How New Platforms Are Solving Inbox Placement

Email still reaches more people than any other digital channel. Getting it to actually land in the inbox…

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026.

“Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged

The Hacker News – ​Read More