Security News > 2022 > August > SOVA malware adds ransomware feature to encrypt Android devices
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
With the latest release, the SOVA malware now targets over 200 banking, cryptocurrency exchange, and digital wallet applications, attempting to steal sensitive user data and cookies from them.
In March 2022, SOVA released version 3, adding 2FA interception, cookie stealing, and new injections for multiple banks worldwide.
More recently, Cleafy sampled an early release of SOVA v5, which comes with numerous code improvements and the addition of new features such as a ransomware module.
"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data." - Cleafy.
Even in its current, unfinished form, SOVA v5 is ready for mass deployment, according to Cleafy, so vigilance is advised to all Android users.