
A Ransomware Module Is Being Added to the Advanced SOVA Android Banking Trojan

The Android banking Trojan SOVA has returned with improved functionality, and a brand-new version with a ransomware module is now being created.

Researchers at Cleafy, who saw the resurgence of SOVA, believe that Version 4 of SOVA targets more than 200 mobile applications, including banking apps and cryptocurrency exchanges/wallets. After the US and the Philippines, Spain appears to be the country that the malware is targeting most frequently.

The SOVA v4 malware is hidden inside fake Android applications that bear the logos of well-known services like Chrome and Amazon. The most recent version includes a refactored and improved cookie-stealing mechanism that can now specify a list of targeted Google services and other applications. The update also lets the malware protect itself by detecting and blocking users’ attempts to uninstall it.

The command-and-control (C2) interface in more recent SOVA versions also allows attackers to seize control of specified targets, which increases the malware’s ability to adapt to a variety of attack scenarios. It also has tools that enable attackers to capture screenshots and to record and run instructions. This gives an attacker the chance to look for opportunities to switch to possibly more valuable systems or applications.

“The most fascinating component is connected to the [virtual network computing] capabilities,” the report states. This capability has been on the SOVA roadmap since September 2021, and its arrival is strong evidence that the threat actors keep adding new features and functionality to the malware.

Additionally, the Cleafy team found evidence that version 5 of the malware is currently under development. It will include a ransomware module that was first indicated in a September 2021 development plan.


