Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

SOVA Android Banking Trojan Returns With New Capabilities and Targets

admin by admin
August 16, 2022
in Ethical Hackers


The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out.

That’s according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept two-factor authentication (2FA) codes, steal cookies, and expand its targeting to cover Australia, Brazil, China, India, the Philippines, and the U.K.

SOVA, meaning Owl in Russian, came to light in September 2021 when it was observed striking financial and shopping apps from the U.S. and Spain for harvesting credentials through overlay attacks by taking advantage of Android’s Accessibility services.

CyberSecurity

In less than a year, the trojan has also acted as a foundation for another Android malware called MaliBot that’s designed to target online banking and cryptocurrency wallet customers in Spain and Italy.

The latest variant of SOVA, dubbed v4 by Cleafy, conceals itself within fake applications that feature logos of legitimate apps like Amazon and Google Chrome to deceive users into installing them. Other notable improvements include capturing screenshots and recording the device screens.

SOVA Android Banking Trojan

“These features, combined with Accessibility services, enable [threat actors] to perform gestures and, consequently, fraudulent activities from the infected device, as we have already seen in other Android Banking Trojans (e.g. Oscorp or BRATA),” Cleafy researchers Francesco Iubatti and Federico Valentini said.

SOVA v4 is also notable for its effort to gather sensitive information from Binance and Trust Wallet, such as account balances and seed phrases. What’s more, all the 13 Russian and Ukraine-based banking apps that were originally targeted by the malware have since been removed from the version.

CyberSecurity

To make matters worse, the update enables the malware to leverage its wide-ranging permissions to deflect uninstallation attempts by redirecting the victim to the home screen and displaying the toast message “This app is secured.”

The banking trojan, feature-rich as it is, is also expected to incorporate a ransomware component in the next iteration, which is currently under development and aims to encrypt all files stored in the infected device using AES and rename them with the extension “.enc.” The enhancement is likely to make SOVA a formidable threat in the mobile threat landscape.

“The ransomware feature is quite interesting as it’s still not a common one in the Android banking trojans landscape,” the researchers said. “It strongly leverages on the opportunity that has arisen in recent years, as mobile devices became for most people the central storage for personal and business data.”





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Microsoft Warns About Phishing Attacks by Russia-linked Hackers

Next Post

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

Next Post

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

Recommended

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

1 month ago

Guarda la NFL 2022 ovunque

4 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.