First seen in August and still in a testing phase, this Android banking trojan, offered on the Dark Web, is promising a disturbingly ambitious program of features. As reported Friday in a ThreatFabric analysis, “SOVA is…taking a page out of traditional desktop malware.” “Including DDoS, a man in the middle, and ransomware to its arsenal could mean incredible damage to end-users, in addition to the already very dangerous threat that overlay and keylogging attacks serve.”
Functionalities of the bot, as advertised by its authors, include:
- Steal Device Data.
- Send SMS.
- Overlay and Cookie injection.
- Overlay and Cookie injection via Push notification.
- USSD execution.
- Credit Card overlays with validity check.
- Hidden interception for SMS.
- Hidden interception for Notifications.
- Keylogger.
- Uninstallation of the app.
- Resilience from uninstallation from victims.
With the growth of mobile banking, and 69.3% of millennials doing most of their banking on mobile, this is a grave concern. The fact that this trojan is multi-faceted in its ability to invade the device, steal cookies, mount man-in-the-middle attacks and stay resident makes it a serious threat to mobile banking. Security on both sides of the fence, customer and financial institution, is required to keep transactions secure. On the financial institution side, attention to anomalous activities and identities is paramount.
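One concrete form that "attention to anomalous activities and identities" can take on the institution's side is a check on its own session logs for a session cookie that was issued to one device and then used from another, which is the footprint a stolen or injected cookie leaves. The following is an added example written for this page, not code from the article or from ThreatFabric's analysis; the log fields, the device fingerprint, the sample events and the 1000.0 high-value threshold are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionEvent:
    ts: int          # seconds since epoch (constructed values below)
    session_id: str  # value of the session cookie issued at login
    user: str
    device_id: str   # app-installation / device fingerprint sent with each request
    ip: str
    action: str      # "login", "view_balance", "transfer", ...
    amount: float = 0.0


# Constructed sample log (not real telemetry): "alice" logs in from her own
# phone; the same session cookie is then replayed from a different device and
# IP, which immediately starts a transfer. "bob" only ever uses his own phone.
SAMPLE_LOG = [
    SessionEvent(1000, "sess-A1", "alice", "dev-alice-phone", "203.0.113.10", "login"),
    SessionEvent(1010, "sess-A1", "alice", "dev-alice-phone", "203.0.113.10", "view_balance"),
    SessionEvent(1300, "sess-A1", "alice", "dev-unknown-77", "198.51.100.5", "view_balance"),
    SessionEvent(1310, "sess-A1", "alice", "dev-unknown-77", "198.51.100.5", "transfer", 2400.0),
    SessionEvent(2000, "sess-B9", "bob", "dev-bob-phone", "192.0.2.44", "login"),
    SessionEvent(2030, "sess-B9", "bob", "dev-bob-phone", "192.0.2.44", "transfer", 50.0),
]


def _note(alerts, ev, reason, origin, high_value):
    """Create or update one alert per (session, device) pair so that a replayed
    cookie produces a single alert that escalates as the intruder acts."""
    key = (ev.session_id, ev.device_id)
    alert = alerts.setdefault(key, {
        "session_id": ev.session_id, "user": ev.user, "first_seen": ev.ts,
        "login_device": origin[0] if origin else None,
        "login_ip": origin[1] if origin else None,
        "seen_device": ev.device_id, "seen_ip": ev.ip,
        "reason": reason, "severity": "medium", "actions": [],
    })
    alert["actions"].append(ev.action)
    # Money movement from the unexpected device is the case to page on.
    if ev.action == "transfer" and ev.amount >= high_value:
        alert["severity"] = "high"


def find_session_hijacks(events, high_value=1000.0):
    """Return alerts for session cookies used from a device other than the one
    that performed the login, or used with no login recorded at all.
    Threshold and field names are assumptions made for this example."""
    login_origin = {}  # session_id -> (device_id, ip) recorded at login
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "login":
            login_origin[ev.session_id] = (ev.device_id, ev.ip)
            continue
        origin = login_origin.get(ev.session_id)
        if origin is None:
            # Cookie in use without a login in the log: minted or injected
            # outside the normal flow, or the login happened before retention.
            _note(alerts, ev, "session_without_login", None, high_value)
        elif ev.device_id != origin[0]:
            _note(alerts, ev, "cookie_reuse_from_new_device", origin, high_value)
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_session_hijacks(SAMPLE_LOG):
        print(alert["severity"].upper(), alert["user"], alert["reason"],
              alert["login_device"], "->", alert["seen_device"], alert["actions"])
```

Only the device fingerprint is used for the mismatch decision; the IP is carried along as context rather than as a trigger, because a phone legitimately changes IP when it moves between Wi-Fi and mobile data, while a change of device fingerprint within one session is not something a normal banking client does.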
This appears to be dangerous malware, and with people putting more and more sensitive information on their phones and tablets, it is ripe for widespread abuse: stealing personal information, encrypting the phone for ransom, or spreading malware to other systems. While a compromised phone directly affects only a single person, it can also provide entry to larger and more significant enterprise networks.
Phones have a selection of anti-malware products available, but enterprises also need to address the gateways from phones into enterprise systems and networks. We need tools to monitor and analyze the risks of malware and attacks arriving through phones connected to these systems.