This malware really wants your data on Android


Louise Jean

August 16, 2022 at 8:30 a.m.


The SOVA malware is back and seems to be evolving faster and faster. Remember that SOVA is a family of Android malware that attacks, among other things, your bank data.

Malware is malicious software installed by users without their knowledge. More often than not, it is disguised as a perfectly common application.

A multifunctional malware

New versions of the SOVA malware keep appearing in the wild. SOVA was originally announced by its creators in September 2021. Since then, several versions have been developed, including versions 4 and 5, identified this summer.

This malware hides inside very common Android applications such as YouTube Adblocker or Adobe Flashplayer. But instead of providing the functionality these apps promise, SOVA steals your data and intrudes into your other apps.

In its first version, SOVA could intercept identifiers, read and send SMS, or even steal cookies. Stolen cookies then allow the malware to be “recognized” on protected online services without having to identify itself (until the cookie expires, after a certain period of time).

SOVA versions 4 and 5, what’s new?

The fourth version of SOVA can be introduced into more than 200 banking or cryptocurrency exchange applications. The malware can now take partial control over the infected device, and therefore take screenshots, delete the malware’s parent application, copy and paste elements, or even click and swipe.

The latest version also includes extensions specific to certain brands including Honor, OPPO, Xiaomi, Samsung and vivo, which allows it to adapt to the functionality of their smartphones. Similarly, cookie theft can now specifically target Gmail, Google Pay and Google Password Manager.

An even more recent version, SOVA 5, has reportedly been intercepted recently. This version also contains ransomware, which takes your data hostage and demands a ransom before giving you back access to the stolen files. SOVA 5 is not widespread yet, but it is fully functional and ready to infect our devices.

Source: Bleeping Computer


