Heimdal
Home > Cybersecurity News

SOVA Android Banking Trojan Becomes Even More Powerful

Major Ransomware Upgrade for This Malware.

Last updated on August 23, 2022

article featured image

Contents:

A new version of SOVA, an Android banking trojan, has been launched. This fifth version contains improved functions and code enhancements that translate into a ransomware module used to encrypt files on Android devices.

SOVA, like any information stealing trojan, is built to snatch credentials and cookies, evade multi-factor authentication, and harm Android’s Accessibility Service to monitor the victim’s device screen.

SOVA v5, what Is New

According to Cyware, the new and improved version of SOVA allows the trojan “to target over 200 banking, digital wallet, and cryptocurrency exchange applications, with attempts to steal, encrypt and lock important data and cookies”.

Among the novelties of SOVA are:

  • a ransomware unit that encrypts the files on the target’s device.
  • rewritten features and advanced code that enables the attacker to stay hidden on the Android device that has been damaged.
  • the VNC module is missing this time, but this only indicates that the v5 version is still work in progress. Even in its current incomplete form, this version of SOVA is ready for widespread deployment.

Past Versions of SOVA

Since its release in September 2021, SOVA has been updated according to a roadmap announced by the malware’s authors. But even according to the plan of future updates, the new upgraded version 5 is up and running even faster than expected.

In March 2022 SOVA version 3 was created. This version had:

2FA interception, cookie stealing, and new injections for multiple banks. Injections are overlays shown over genuine login prompts to steal credentials, (e.g. bank apps).

Source

The third version was followed by the fourth in July 2022. This variant included virtual network computing capabilities for on-device fraud and increased the number of targeted applications to 200.

Because of the continuous improvements that are done to SOVA malware every few months, cybersecurity professionals need to employ smart cybersecurity solutions in order to keep up with the changes and updates.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Related Articles

Accidental Exposure of Sensitive Data for Chase Bank Customers70 Financial Institutions in Europe and South America Targeted by Banking Trojan BizarroAndroid Permissions Can Be Dangerous: Full Guide to Managing Them

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V