[MART] - Daily Diary #348 - S.O.V.A., A New Android Banking Trojan

CTAS-MAT ctas-mat at appgate.com
Wed Sep 15 21:56:30 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

09/15/2021 - Diary entry #348:


In the last Daily Diary, we covered the "Banking" malware type. Recently, a new Android malware named S.O.V.A. was spotted targeting victims from the US, UK, Russia, and others. S.O.V.A. targets banking applications, cryptocurrency wallets, and shopping apps from those countries.


In July, the authors behind S.O.V.A. were seen advertising the malware on hacking forums, looking for testers, and a sample was found with the filename "vormastor test crypted.apk". Therefore, this new threat is still in both the development and testing phases. The current version of S.O.V.A. has the ability to steal credentials and session cookies through overlay attacks, enable keylogging functionality, hide notifications, and manipulate the clipboard to insert modified cryptocurrency wallet addresses.


The group behind S.O.V.A. has a roadmap to implement more functionalities, such as 2FA interception, VNC, DDoS, Ransomware (with overlay for card number), and other interesting capabilities. If everything on the roadmap is implemented, it can become a dangerous threat, mixing banking and botnet functionalities.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
