A banking Trojan for Android has been discovered that is still in its earliest stages of development, yet those who discovered it believe it has the potential to become “one of the most advanced bots in circulation.” SOVA is a banking Trojan that is intended to incorporate ransomware capabilities and to be capable of launching distributed denial of service (DDoS) and man-in-the-middle (MitM) attacks.

SOVA, which means “owl” in Russian, was discovered in August by researchers at ThreatFabric. Their analysis indicates that the malware is at an early stage, but even in this immature state it tries to steal bank credentials, access information for virtual wallets, and users’ personal data that could be used to commit identity theft. The current version of the program can act as a keylogger, hide notifications, steal cookies and alter the clipboard, and it promises to incorporate VNC fraud, DDoS attacks, overlay attacks, ransomware distribution and interception of two-factor authentication codes, among other things.

In fact, the ability to steal session cookies makes this Trojan stand out, since it gives criminals access to valid user sessions without having to know the bank credentials.

One of the concerns is the high rate of updates and the ambitious roadmap the malware developers have planned for SOVA. The author has publicly announced that this new product, which is aimed at a large number of banks, is available for testing, in order to improve the bot’s functionality and to test it on a wide variety of mobile devices. In addition to testing, the authors have established a clear roadmap of future features to be implemented in the malware.

This year we’ve seen an explosion of Android banking malware families. The global pandemic has changed the way we interact and has led to an even greater increase in the use of mobile payments. For this reason, it is not surprising that threat actors have followed the massive shift towards mobile banking and that is why we must be more cautious than ever.
