A new dangerous Android malware that has capabilities for ransomware and DDoS attacks

Cybersecurity specialists report the detection of a banking Trojan for Android devices that has advanced capabilities, including features for denial of service (DoS), Man-in-The-Middle (MiTM) attacks and ransomware infections, in addition to the regular specifications of a conventional Trojan.

This malware has been identified as SOVA (owl in Russian) and its developers seem to have invested a huge effort in its creation. ThreatFabric researchers are surprised by the sophistication of SOVA: “Although it is still in the development stage, the advances shown by this Trojan are worrying,” they mention.

The researchers also mention that the type of coding employed by the creators of the malware is another example of their level of sophistication: “SOVA is developed in Kotlin, a coding language supported by the Android system that could receive a lot of boost in the future. On the illegal platform where SOVA testing is announced, the developers mention that this could be the most comprehensive hacking tool for this operating system.”

About its functions, SOVA is essentially a conventional banking Trojan that received innovative features. One of the main functions that this malware has is the ability to create fake custom login screens, which would allow hackers to attack in virtually any region of the world in order to intercept online banking credentials.

In addition, SOVA may monitor a number of applications installed on the affected devices in order to track and intercept login cookies, which will increase the range of the banking Trojan.

As if that were not enough, in the testing stages of SOVA threat actors are polishing the DoS, MiTM and ransomware features of the Trojan, in order to fix potential bugs and improve the operation of SOVA for a potential mass release.

It is this feature set that most worries the researchers: “These functions, which will be added in future developments, are very advanced and would take SOVA to a higher level than conventional banking malware. If they can consolidate the development of SOVA, this will be the most featured Trojan on the black market, becoming one of the top mobile security threats.”

SOVA bears some similarities to TrickBot, a cross-platform malware initially developed as a banking Trojan but which received more features in its testing stage, making it one of the most popular banking Trojans in the world of cybercrime.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.