A mix of banking apps, cryptocurrency wallets, and shopping apps from the US and Spain is the target of a recently discovered Android Trojan that could allow attackers to siphon off money and personally identifiable information from infected devices, including bank credentials, opening the door to on-device fraud.
Dubbed SOVA (referring to the Russian word for owl), the current version of the banking malware comes with a myriad of features to steal credentials and session cookies via web overlay attacks, log keystrokes, hide notifications, and manipulate the clipboard to insert modified cryptocurrency wallet addresses, with future plans to incorporate on-device fraud via VNC, conduct DDoS attacks, deploy ransomware, and even intercept two-factor authentication codes.
The malware was discovered in early August 2021 by researchers at Amsterdam-based cybersecurity company ThreatFabric.
Overlay attacks typically involve the theft of confidential user information using malware that overlays its own windows on top of another program. The theft of valid session cookies, on the other hand, is particularly nasty because it allows criminals to log in and take over user accounts without needing to know the bank credentials.
“The second set of features, added in future developments, is very advanced and would push SOVA into a different realm for Android malware, potentially making it one of the most advanced bots in circulation, combining banking malware with automation and botnet capabilities,” ThreatFabric said in a report shared with The Hacker News.
Although the malware is believed to be in its early stages of development, SOVA's developers have been advertising the product on hacking forums, seeking to recruit testers to try out the malware and its bot capabilities on a large number of devices. “No redistribution of Cerberus / Anubis, bot is written from scratch,” read the forum post.
“[S.O.V.A.] is still a project in its infancy, and now provides the same basic functionality as most other modern Android banking malware,” the researchers said. “However, the author of this bot clearly has high expectations for his product, and this is demonstrated by the author’s commitment to testing SOVA with third parties, as well as SOVA’s explicit feature roadmap.”