A new version of SOVA, an Android banking trojan, has been launched. This fifth version brings improved functions and code enhancements, including a ransomware module used to encrypt files on Android devices.

SOVA, like any information-stealing trojan, is built to snatch credentials and cookies, evade multi-factor authentication, and abuse Android’s Accessibility Service to monitor the victim’s device screen.

SOVA v5: What Is New

According to Cyware, the new and improved version of SOVA allows the trojan “to target over 200 banking, digital wallet, and cryptocurrency exchange applications, with attempts to steal, encrypt and lock important data and cookies”.

Among the novelties of SOVA are:

  • a ransomware unit that encrypts the files on the target’s device.
  • rewritten features and advanced code that enable the attacker to stay hidden on the compromised Android device.
  • the VNC module is missing this time, but this only indicates that the v5 version is still a work in progress. Even in its current incomplete form, this version of SOVA is ready for widespread deployment.

Past Versions of SOVA

Since its release in September 2021, SOVA has been updated according to a roadmap announced by the malware’s authors. Even measured against that plan of future updates, the upgraded version 5 is up and running faster than expected.

In March 2022, SOVA version 3 was created. This version had:

2FA interception, cookie stealing, and new injections for multiple banks. Injections are overlays shown over genuine login prompts (e.g. in bank apps) to steal credentials.


The third version was followed by the fourth in July 2022. This variant included virtual network computing capabilities for on-device fraud and increased the number of targeted applications to 200.

Because SOVA is continuously improved every few months, cybersecurity professionals need to employ smart cybersecurity solutions in order to keep up with the changes and updates.
