SOVA, a newly identified and advanced trojan, targets several banking applications, shopping applications, and cryptocurrency wallets. The trojan is malware distributed to Android devices, and it attacks users located in the United States and Spain.
The SOVA malware was first discovered at the start of August 2021 by the cybersecurity researchers at ThreatFabric. The malware is capable of stealing its victims' personally identifiable information and banking details to conduct cybercrime.
At present, the malware is considered to be in its early development stages. Still, it has been promoted on hacking forums with advertisements saying that it is looking for malware testers. A few of its key features are logging keystrokes, overlay attacks, hiding notifications, and controlling the clipboard to insert modified crypto wallet addresses. In addition, the SOVA malware mostly depends on Accessibility Services to acquire the permissions it requires, which lets it easily intrude on compromised devices.
The future roadmap of the SOVA trojan
The banking trojan SOVA appears to already have a complete roadmap of the features that its proactive developers plan to implement in upcoming releases and updates.
These upcoming features are reported to include DDoS attacks, an automatic overlay and cookie injections in three stages, normal push notifications, improved panel health, man-in-the-middle attacks, clipboard manipulation, and tapping two-factor authentication codes, among many others.
This planned set of malware features is said to be very advanced and is believed to help spread ransomware across vulnerable devices. Considering that DDoS attacks are among its features, it is also believed to be a deadly combination of banking malware with the capabilities of an automated botnet.
Even though the SOVA malware is still in its initial development stages, it is actively advertised on hacking forums. It has already been offered to third-party firms for testing purposes, and its developers have high expectations of its future performance. Therefore, before this potentially dangerous malware begins its operations and attacks many financial firms, security groups are strongly advised to start acting against it and to consider executing risk-based security strategies.