S.O.V.A. Android Trojan Bothers Users in the U.S. and Spain
Cybercriminals are experimenting with a new piece of Android malware. This particular campaign seems to target users in the United States and Spain, but it may expand in the future. The implant in use is the S.O.V.A. Android Trojan – a banking Trojan capable of targeting bank apps, cryptocurrency wallets, and even specific shopping applications. By executing its attack successfully, the malware could siphon out personal and payment information.
S.O.V.A. Android Trojan is Still Work in Progress
However, hijacking payment data is just a drop in the ocean when it comes to S.O.V.A. Android Trojan's features. It can also log the user's keystrokes and gestures, as well as modify the behavior of the device. For example, it can choose to hide notifications from specific sources, or to manipulate the contents of the clipboards. Allegedly, the S.O.V.A. Android Trojan has unused code related to VNC services, so it is likely that the criminals are planning to add remote control features in an upcoming update.
The first S.O.V.A. Android Trojan attacks were registered in August 2021, but it seems that the campaign is still gaining pace. What is even scarier about this project is its eventual reach. The criminals are already advertising the product to likeminded criminals who can pay a fee to use it. Needless to say, this could rapidly turn S.O.V.A. Android Trojan into one of the more popular malware families for Android. The rapid development of the project is another reason to consider strengthening your device's security.
The crooks behind the S.O.V.A. Android Trojan may opt to use different tricks to approach their victims. So far, they have been relying heavily on email spam, text spam, fake downloads on 3rd-party app stores, and other fake content. Using an appropriate antivirus software suite for your Android device should be enough to deter the S.O.V.A. Android Trojan's attack, as well as other malicious software like the Elibomi Android Malware.