The three-horse banking Sova has developed a series of new features. Among them, the distribution of ransomware.
Sova started to show the tip of his nose in September 2021. Bad news, he is coming back even better and even more dangerous than before. As a reminder, this malware spreads via fake applications. More than 200 are affected by this new warning, including banking apps and cryptocurrency wallets.
Already in its early days, the Sova malware was capable of keylogging usernames and passwords, stealing cookies, and adding fake overlays to a variety of applications. Keylogging consists of recording the sequences of keys typed on a keyboard.
According to cybersecurity researchers at online fraud prevention firm Cleafy, since its update, the software has new capabilities. “Even though at the time the author claimed that the malware was still under development, in fact it already possessed multiple capabilities and was practically in the commercialization phase”, introduce the researchers.
The first version of Sova targeted nearly 90 applications. Now, the malware is able to imitate more than 200 banking and payment applications, target cryptocurrency wallets as a trojan – but also condition the recovery of encrypted personal data on payment of a certain amount, usually in cryptocurrencies. We are therefore talking here about a new “ransomware” activity.
Attackers can now capture device screenshots and record audio from the infected smartphone. They can also manage multiple commands, such as screen click, swipe, copy/paste and the ability to display an overlay screen to hide the screen from the victim.
Another advantage of these commands for the hacker, if the victim tries to uninstall the malware from the settings or by pressing the icon, Sova is able to intercept these actions and prevent them. This can be done by force returning to the home screen and displaying a window saying “This application is secure”. Cybercriminals have also refactored and improved the cookie-stealing mechanism.
A new module dedicated to the Binance exchange and the Trust Wallet, Binance’s official cryptographic wallet, has appeared. Its purpose is to obtain different information, such as the account balance, the different actions performed by the victim inside the application and the combination used to access the cryptocurrency wallet.
Follow Geeko on Facebook, Youtube and Instagram to not miss any news, tests and tips.