Security News > 2021 > September > SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight
2021-09-10 16:25

A new Android banking trojan named SOVA is under active development, researchers said, and it has big dreams even in its infancy stage.

"Regarding the development, SOVA also stands out for being fully developed in Kotlin, a coding language supported by Android and thought by many to be the future of Android development," according to ThreatFabric.

SOVA already has one highly uncommon banking-trojan feature that stands out for Android malware, according to the analysis: The ability to steal session cookies, which allows the malware to piggyback on valid logged-in banking sessions, thus skirting the need to have banking credentials to access victim's accounts.

"The second set of features, added in the future developments, are very advanced and would push SOVA into a different realm for Android banking malware," they said.

"If the authors adhere to the roadmap, it will also be able to featureDDoS capabilities, ransomware and advanced overlay attacks. These features would make SOVA the most feature-rich Android malware on the market and could become the 'new norm' for Android banking trojans targeting financial institutions."

In some ways, SOVA could be following in the footsteps of TrickBot, a multiplatform malware that began life as a banking trojan before moving on to other types of cyberattacks and becoming one of the most popular and pervasive trojans used by bad actors across the globe.


News URL

https://threatpost.com/sova-sophisticated-android-trojan/169366/