Android Banking Trojan, SOVA Returns

The Android Banking Trojan, SOVA Returns With New Capabilities and Targets

The SOVA Android banking trojan is back with upgraded capabilities that make it more of a threat than ever before. Reportedly, it can now target a minimum of 200 mobile applications, including banking apps, crypto wallets, and crypto exchanges. Previously, it could only target 90 applications.

According to the Italian cybersecurity firm Cleafy, its latest findings include a newer version of the malware that is able to intercept two-factor authentication codes and steal cookies. Furthermore, the malware's targets have expanded to cover Australia, Brazil, China, the UK, India, and the Philippines.

SOVA, which means "owl" in Russian, became known in September 2021 when it was seen striking shopping apps and other financial apps in Spain and the US. It harvested credentials through overlay attacks, taking advantage of Android's Accessibility service.

In under a year, the trojan was able to act as a foundation for MaliBot, another Android malware. This malware was designed to target online banking and cryptocurrency wallet customers located mainly in Spain and Italy. 

The upgraded variant of SOVA, called v4 by Cleafy, hides within fake applications whose logos resemble those of legitimate apps such as Google Chrome and Amazon, deceiving users into installing them. Improvements in SOVA include recording the device screen and capturing screenshots.

One of the most notable actions SOVA v4 can take is gathering sensitive information from Trust and Binance Wallet, including account balances and seed phrases. Furthermore, all of the Ukrainian and Russian-based banking apps targeted by the malware have been removed from this version.

Even more alarming, the update allows the malware to leverage its already wide-ranging permissions to deflect any uninstallation attempts. It redirects the victim to the home screen and displays the message "This app is secured." Therefore, it is also a formidable threat in the mobile threat landscape.


Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.