Android Trojan Malware on Banking, Shopping, Crypto Wallet Apps Targets US, Spain Users

Android Trojan Malware that goes by the name SOVA found on banking, shopping, and crypto wallet app currently targets both United States and Spain users.

(Photo : by Adam Berry/Getty Images)
BERLIN, GERMANY – SEPTEMBER 26: A visitor passes an image of the Brandenburg Gate with the Android operating system logo on top of it on September 26, 2012 in Berlin, Germany. BERLIN, GERMANY

As per Threat Post, the new Android malware first made its way on Android apps last August, noting that it could possibly be “the most feature-rich market.”

The name of the Android banking malware SOVA means owl in the Russian language.

It is worth noting that the new Android trojan is still in its early days. Thus, the actual extent of the banking malware is yet to be unveiled.

Last Sept. 10, the SOVA malware already released its second version, following its initial appearance last August.

However, the malware is still in its trial phase. That said, the severe ill effects of the Trojan will see the light of day in the coming future.

Android Trojan Malware

According to Cyber Security News, the latest Android Trojan allows criminal minds to use it as a tool to successfully mine personal data from the devices of its victims, which includes sensitive info like bank credentials.

The outlet further revealed that the SOVA Trojan hides under banking apps, e-commerce platforms, and even cryptocurrency wallets by using it as a disguise.

Notably, these platforms require users to share their banking login credentials, allowing threat actors to steal money or sell sensitive data to other criminal minds for profit.

The Android malware further takes hold of a user’s personally identifiable information by infiltrating the Accessibility Services of Android, which allows the virus to pass through the permissions needed to steal info.

 Android Trojan Malware Features

What sets the newest Android malware apart from other Trojans is its numerous features at hand, including stealing credentials, hiding notifications, taking note of keystrokes, managing the clipboard to copy crypto wallet addresses, and even accessing the session cookies.

Through the said features, SOVA can perform multiple specific functions inside the Android device of the victim–such as sending SMS, hiding interception for SMS, hiding interception for notifications.

Not to mention that the malware could also uninstall an app, steal data from the device, and install a keylogger.

What’s more, the malware also defends itself from the victim’s attempt to uninstall the app carrying the SOVA trojan. Thus, making its removal a difficult task.

Read Also: FlyTrap Malware Threatens Facebook Hacks via Android Devices, Here’s How to Avoid It

Android Trojan Malware Roadmap

As mentioned, the SOVA trojan is still in its infancy stage. That said, the malware devs are still working on features that they have already laid out on their roadmap.

In the future, the new Trojan malware could include additional features that further propels the intention of threat actors to steal sensitive data from its victim’s smartphones.

Some of the upcoming functions are the interception of two-factor authentication, manipulation or clipboard, and automatic injections of cookies.

Elsewhere, another Android banking malware is forcing its users to provide their banking creds.

In other related news, the notorious Joker malware prevails with its malicious scheme on Android devices.

Related Article: WhatsApp Mod Hacking: Triada Trojan Can Interfere User’s Experience– How to Avoid This Malware?

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2021 All rights reserved. Do not reproduce without permission.