Security News > 2022 > August > SOVA Android Banking Trojan Returns With New Capabilities and Targets
The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out.
In less than a year, the trojan has also acted as a foundation for another Android malware called MaliBot that's designed to target online banking and cryptocurrency wallet customers in Spain and Italy.
"These features, combined with Accessibility services, enable to perform gestures and fraudulent activities from the infected device, as we have already seen in other Android Banking Trojans," Cleafy researchers Francesco Iubatti and Federico Valentini said.
What's more, all the 13 Russian and Ukraine-based banking apps that were targeted by the malware have since been removed from the version.
The banking trojan, feature-rich as it is, is also expected to incorporate a ransomware component in the next iteration, which is currently under development and aims to encrypt all files stored in the infected device using AES and rename them with the extension ".
"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape," the researchers said.
News URL
https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html
Related news
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges (source)
- Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (source)