A new advanced banking trojan called SOVA has been discovered targeting banking applications, cryptocurrency wallets, and shopping apps. It is an Android-based malware targeting users based in the U.S. and Spain.
What has happened?
SOVA was first spotted at the beginning of August by ThreatFabric. It can steal personally identifiable information and banking credentials.
- The malware is believed to be in its early stages of development at present. However, it’s been promoted on hacking forums with ads looking for malware testers.
- Some of its key functionalities include web overlay attacks, logging keystrokes, hiding notifications, and manipulating the clipboard to insert modified cryptocurrency wallet addresses.
- SOVA majorly relies on Accessibility Services to obtain all the required permissions to run easily on the compromised devices.
SOVA’s future roadmap
The proactive developers behind this banking trojan have already released a full roadmap of the features that will be added in upcoming releases of SOVA.
- The upcoming features include automatic three-stage overlay and cookie injections, clipboard manipulation, DDoS, improved panel health, MitM, normal push notifications, and intercepting two-factor authentication codes, among others.
- The promised set of features are very advanced and believed to help spread ransomware as well.
- With DDoS added, it may become one of the deadly combinations of banking malware with automated botnet capabilities.
Conclusion
Though in its primitive stage, SOVA is being promoted heavily on hacking forums. The developers of this malware certainly have high expectations since the malware has been offered to third parties for testing purposes. Before SOVA officially joins the trend of attacking financial firms, security teams must act now and consider implementing a risk-based mobile security strategy.
Source: https://cyware.com/news/sova-trojan-a-potential-harbinger-of-chaos-3ad7c33e