Android users have been put on alert about a new banking Trojan that can steal sensitive personal information. The latest malware targeting the operating system made by Google has been called SOVA, and researchers at ThreatFabric only discovered it last month. The dangerous new Android malware is targeting users of popular Google Play Store apps in many regions of the world, including the UK, US, Australia and European countries like Germany, Italy and Spain.
Experts warn that the stealth Android malware can be used in a wide variety of attacks and “can cause unbelievable damage”.
The malicious software was named after the Russian word for owl, and that fits as the malware – like its nocturnal namesake – is able to quietly track and capture its prey.
Researchers said the main goal of the Android malware is to steal sensitive user information from victims through keylogging, overlay attacks, and other nefarious means.
However, experts also said that SOVA has a number of other dangerous capabilities, meaning it can be used in ransomware, man-in-the-middle, and distributed denial of service (DDoS) attacks.
In a study published online, ThreatFabric said: “This identifies a completely new Android banking Trojan to the best of our knowledge. The Trojan is currently in the development and testing phase and aims to remove other highly dangerous functions such as DDoS and its overlay and keylogging mechanisms Ransomware in future releases.”
The Amsterdam security experts added: “Like many others, SOVA is taking a page out of traditional desktop malware, confirming a trend in mobile malware that has existed for several years. Including DDoS, Man in the Middle, and ransomware in their arsenal could cause incredible harm to end users on top of the already very dangerous threat posed by overlay and keylogging attacks.”
According to ThreatFabric, SOVA is still in the development and testing phase, but a number of samples of it have been spotted in the wild.
And what sets SOVA apart from other Android malware is that it can perform session cookie theft.
Cookies are an integral part of the Internet experience and allow users to stay logged in on a variety of websites without having to re-enter their username and password.
Threat actors who are able to obtain a valid session cookie effectively have access to the victim’s logged-in web session.
This opens up a wide variety of attacks to an Android user.
ThreatFabric said the country hardest hit by the SOVA threat to date has been the US, followed by the UK.
Popular Android apps on the Google Play Store that are being attacked by the new malware include the apps from Barclays, Lloyds, Halifax and NatWest.
Other widely used Android apps that SOVA targets are the Amazon and PayPal apps.
Regarding the future of this new malware, ThreatFabric added, “The current version of SOVA is capable of stealing login information and session cookies through overlay attacks, keylogging, hiding notifications and manipulating the clipboard to get modified cryptocurrency wallet addresses. If authors stick to the roadmap, it will also be able to detect fraud on the device through VNC, DDoS functions, ransomware and advanced overlay attacks. These features would make SOVA the most feature-rich Android malware on the market and could become the ‘new norm’ for Android banking Trojans targeting financial institutions.”
As always, the best way to stay away from malware is to stick to the official Google Play Store app marketplace and only download apps from trusted developers.
To protect yourself from threats, also avoid clicking on suspicious emails sent to you from unknown contacts, and avoid visiting websites that do not support the HTTPS protocol.