Security News > 2022 > August > SOVA malware adds ransomware feature to encrypt Android devices
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
With the latest release, the SOVA malware now targets over 200 banking, cryptocurrency exchange, and digital wallet applications, attempting to steal sensitive user data and cookies from them.
In March 2022, SOVA released version 3, adding 2FA interception, cookie stealing, and new injections for multiple banks worldwide.
More recently, Cleafy sampled an early release of SOVA v5, which comes with numerous code improvements and the addition of new features such as a ransomware module.
"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data." - Cleafy.
Even in its current, unfinished form, SOVA v5 is ready for mass deployment, according to Cleafy, so vigilance is advised to all Android users.
News URL
Related news
- Ransomware abuses Amazon AWS feature to encrypt S3 buckets (source)
- Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- BadBox malware disrupted on 500K infected Android devices (source)