Security News > 2022 > August > SOVA malware adds ransomware feature to encrypt Android devices
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
With the latest release, the SOVA malware now targets over 200 banking, cryptocurrency exchange, and digital wallet applications, attempting to steal sensitive user data and cookies from them.
In March 2022, SOVA released version 3, adding 2FA interception, cookie stealing, and new injections for multiple banks worldwide.
More recently, Cleafy sampled an early release of SOVA v5, which comes with numerous code improvements and the addition of new features such as a ransomware module.
"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data." - Cleafy.
Even in its current, unfinished form, SOVA v5 is ready for mass deployment, according to Cleafy, so vigilance is advised to all Android users.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)
- Germany blocks BadBox malware loaded on 30,000 Android devices (source)
- Android malware found on Amazon Appstore disguised as health app (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)