New SOVA Android Trojan Promises the Moon, Experts Insight

First seen in August and still in a testing phase, this Android banking trojan offered on the Dark Web is promising a disturbingly ambitious program of features. As reported Friday in a ThreatFabric Analysis, “SOVA is…taking a page out of traditional desktop malware.” “Including DDoS, a man in the middle, and ransomware to its arsenal could mean incredible damage to end-users, in addition to the already very dangerous threat that overlay and keylogging attacks serve.”

Functionalities of the bot, as advertised by its authors, include:

  • Steal Device Data.
  • Send SMS.
  • Overlay and Cookie injection.
  • Overlay and Cookie injection via Push notification.
  • USSD execution.
  • Credit Card overlays with validity check.
  • Hidden interception for SMS.
  • Hidden interception for Notifications.
  • Keylogger.
  • Uninstallation of the app.
  • Resilience from uninstallation from victims.

Experts Comments

September 14, 2021
Garret F. Grajek
CEO
YouAttest

With the growth of mobile banking and 69.3% of millennials doing most of their banking on mobile - this is a grave concern. The fact that this trojan is multi-faceted in its ability to invade the device, steal cookies, create man-in-the-middle attacks and stay resident means this is a serious threat to mobile banking. Security on both sides of the fence, customer and financial institution, is required to keep the transaction secured. On the financial institution side, attention to anomalous activities and identities is paramount.

September 14, 2021
Saryu Nayyar
CEO
Gurucul

This appears to be dangerous malware, and people putting more and more sensitive information on their phones and tablets makes it ripe for widespread abuse. It includes stealing personal information, encrypting the phone for ransom, or spreading malware to other systems. While a phone directly affects only a single person, it can also provide entry to larger and more significant enterprise networks.

Phones have a selection of anti-malware available, but enterprises also need to address the gateways into enterprise systems and networks. We need the tools to monitor and analyze risks associated with malware and attacks as they come in through phones connected to these systems.
