Security News > 2022 > August > SOVA Android Banking Trojan Returns With New Capabilities and Targets

SOVA Android Banking Trojan Returns With New Capabilities and Targets
2022-08-16 09:20

The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out.

In less than a year, the trojan has also acted as a foundation for another Android malware called MaliBot that's designed to target online banking and cryptocurrency wallet customers in Spain and Italy.

"These features, combined with Accessibility services, enable to perform gestures and fraudulent activities from the infected device, as we have already seen in other Android Banking Trojans," Cleafy researchers Francesco Iubatti and Federico Valentini said.

What's more, all the 13 Russian and Ukraine-based banking apps that were targeted by the malware have since been removed from the version.

The banking trojan, feature-rich as it is, is also expected to incorporate a ransomware component in the next iteration, which is currently under development and aims to encrypt all files stored in the infected device using AES and rename them with the extension ".

"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape," the researchers said.


News URL

https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html