SOVA: The Latest Android Banking Malware Is Posing a Real Threat
Author: Trend Micro
This article is from Trend Micro.
A newly discovered Android malware was found to be capable of collecting tons of personally identifiable information (PII) from infected devices – including banking credentials.
Dubbed SOVA (after the Russian word for owl) and discovered by the cybersecurity firm ThreatFabric, this banking malware has tons of credential-stealing features. The malicious software is capable of keystroke logging, hiding notifications, performing web overlay attacks, and modifying cryptocurrency wallet addresses on users’ devices. The developers of the malware have posted online about their future plans to enable SOVA to commit on-device fraud, perform DDOS attacks, deploy ransomware, and even intercept two-factor authentication codes. If they are successful in doing so, SOVA will easily be the most powerful mobile malware ever.
Researchers from ThreatFabric also pointed out that SOVA is capable of performing one highly uncommon banking-trojan feature rarely seen in Android malware – the ability to steal session cookies. This allows the malware to piggyback on valid logged-in banking sessions, meaning it doesn’t need to have a victim’s banking credentials to access their account.
“Cookies are a vital part of web functionality, which allow users to maintain open sessions on their browsers without having to re-input their credentials repeatedly” the ThreatFabric researchers explained.
SOVA can hijack a user’s browser session, replace a legitimate site with a fake version, and steal their browser’s cookies after they log in. This allows the malicious software to easily steal session cookies from web apps and sites like Gmail and PayPal.
The authors of the SOVA banking Trojan have been seen advertising the product on underground hacking forums since July, which was when they started looking for people to test their malicious code.
Financial institutions across the world have been targeted, but the data shared by ThreatFabric shows that the most attacked countries were the US, the UK, and Russia.
How can I protect my device against SOVA?
Trend Micro Mobile Security (TMMS) offers comprehensive anti-malware capabilities via its real-time Security Scan feature. Security Scan alerts you to any malware hidden in apps before they can be installed on your device.
Currently, Trend Micro Mobile Security can detect the following samples of the SOVA Android malware:
Trend Micro Mobile Security can also detect when SOVA is attempting to trick you into thinking you’re using a real website or app – protecting your login information from being stolen.
Report a Scam!
Have you fallen for a hoax, bought a fake product? Report the site and warn others!
Scam Categories
Help & Info
Popular Stories
As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu
So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking. If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller. The condition of the item was misrepresented on the product page. This could be the