Security experts have recently discovered an Android trojan that could enable threat actors to steal all the personally identifiable data on infected devices, including bank credentials, and open the door to fraud.
This trojan goes after a combination of banking apps, cryptocurrency wallets, and shopping apps, and it is currently targeting the US and Spain.
This new Android banking malware is dubbed SOVA, and this version has myriad features specifically made for:-
Moreover, its authors have future plans to carry out on-device fraud through VNC, launch DDoS attacks, deploy ransomware, and even appropriate two-factor authentication codes.
This trojan comes with some specific functionalities, which we have mentioned below:-
The threat actors operating this bot are quite proactive, which is why they have released a detailed roadmap of the features to be included in future releases of S.O.V.A.:-
The C2 can send the following commands to the bot:-
| Command | Description |
|---|---|
| startddos | Start DDoS service |
| stealer | Steal session cookie of a specific app |
| hidensms | Hide received SMS |
| starthidenpush | Hide push notifications |
| delbot | Delete the bot from the device |
| getlog | Send key logged data |
| startkeylog | Clears key logged data |
| scaninject | Adds new injects to injects list |
| stopkeylog | Same as startkeylog |
| openinject | Open WebView with link provided |
| stophidenpush | Stop hiding push notifications |
| sendpush | Display Push notification to start WebView Injection |
| stophidensms | Stops hiding received SMS |
| stopddos | Stop DDoS service |
| stopscan | Stops injects |
| stealerpush | Same as sendpush |
| sendsms | Send SMS |
| scancookie | Adds package to cookie stealing list (v2) |
| stopcookie | Removes package names from cookie stealing list (v2) |
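The command list above can be used for static triage. The following is an added example, not code from the original article or from the analysis it summarizes: it scans strings extracted from an app for that command vocabulary and flags a sample only when several commands from several capability families appear together. The family grouping, the thresholds and the sample strings are assumptions constructed for illustration.

```python
import re

# Command names copied from the table above; the grouping into capability
# families is this example's own assumption, inferred from the descriptions.
SOVA_COMMANDS = {
    "ddos": {"startddos", "stopddos"},
    "cookie_theft": {"stealer", "scancookie", "stopcookie"},
    "sms": {"hidensms", "stophidensms", "sendsms"},
    "push": {"starthidenpush", "stophidenpush", "sendpush", "stealerpush"},
    "keylog": {"startkeylog", "stopkeylog", "getlog"},
    "inject": {"scaninject", "openinject", "stopscan"},
    "self_removal": {"delbot"},
}
INDEX = {cmd: grp for grp, cmds in SOVA_COMMANDS.items() for cmd in cmds}
TOKEN = re.compile(r"[A-Za-z]+")


def triage(strings, min_hits=5, min_groups=3):
    """Flag a string dump when enough distinct commands from enough
    capability families appear as whole tokens (thresholds are assumed)."""
    hits = {}
    for line in strings:
        for tok in TOKEN.findall(line):
            grp = INDEX.get(tok)  # exact, case-sensitive, whole-token match
            if grp:
                hits.setdefault(grp, set()).add(tok)
    total = sum(len(cmds) for cmds in hits.values())
    return total >= min_hits and len(hits) >= min_groups, hits


# Constructed sample input: lines as a strings dump of an app might show them.
SUSPECT = ["startddos", "stopddos", "case: scancookie", "stealer",
           "hidensms", "startkeylog", "delbot", "okhttp3/OkHttpClient"]
# A benign app can contain one or two of these words; it should not be flagged.
BENIGN = ["com.example.chat.sendsmsHelper", "sendsms",
          "retrofit2/Retrofit", "getlog"]

if __name__ == "__main__":
    for name, dump in (("suspect", SUSPECT), ("benign", BENIGN)):
        flagged, hits = triage(dump)
        print(name, flagged, {g: sorted(c) for g, c in hits.items()})
```

Requiring hits across several families keeps generic words such as `sendsms` or `getlog` from flagging an ordinary app on their own.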
This bot also has some special and interesting capabilities, which we have mentioned below:-
The S.O.V.A. malware relies on the open-source Retrofit project for all of its communication with the C2 server. Retrofit is a type-safe REST client for Android, Java, and Kotlin, developed by Square.
It is a large library that provides a powerful framework for authenticating to and interacting with APIs and for sending network requests with OkHttp.
This year, the experts asserted that trojan malware has been attacking and carrying out its operations randomly. S.O.V.A., however, is one of the newest sophisticated malware families, and threat actors are using it often.
For these reasons, the security analysts claimed that this malware is quite dangerous, so victims need to keep themselves safe from this kind of trojan attack.