First seen in August and still in a testing phase, SOVA, an Android banking trojan offered on the Dark Web, is promising a disturbingly ambitious set of features. As reported Friday in a ThreatFabric analysis, “SOVA is…taking a page out of traditional desktop malware.” “Including DDoS, a man in the middle, and ransomware to its arsenal could mean incredible damage to end-users, in addition to the already very dangerous threat that overlay and keylogging attacks serve.”
Functionalities of the bot, as advertised by its authors, include:
- Steal Device Data.
- Send SMS.
- Overlay and Cookie injection.
- Overlay and Cookie injection via Push notification.
- USSD execution.
- Credit Card overlays with validity check.
- Hidden interception for SMS.
- Hidden interception for Notifications.
- Uninstallation of the app.
- Resilience from uninstallation from victims.