A new Android banking trojan referred to as SOVA is currently under active development, according to researchers. The malware is reportedly looking to incorporate several tools into its arsenal, including ransomware functionality, distributed denial of service, and man in the middle. The banking trojan already boasts functions such as banking overlay, notification manipulation, and keylogging services. Researchers at ThreatFabric reported that the malware’s authors are seeking to make the trojan incredibly powerful, stating that although the malware is still in its infancy at version 2, SOVA’s plans for the future are worrisome.
SOVA is reportedly following the lead of traditional desktop malware, including DDoS, man in the middle, and ransomware functionality. These tools mean incredible damage to targets and end-users. although keylogging attacks are already dangerous themselves. The coding and development choices speak to SOVA’s sophistication according to a recent analysis. SOVA currently relies on the legitimate open-source project known as RetroFit for its communication and command-and-control server.
Read More: SOVA, Worryingly Sophisticated Android Trojan, Takes Flight