Sova, the Android Banking Malware, is Back and Worse than Before

Even if mobile malware doesn’t have nearly as much of a presence in the cyber threat landscape as other major threats like ransomware variants, it is still just as dangerous under the right circumstances. An Android banking malware called Sova, for example, has returned with a vengeance with additional features to make users’ lives miserable.

What is Sova?

As an Android banking malware, Sova can provide criminals with back-end access to devices so they can cause all kinds of problems later on. Although it was originally released in September 2021 in an incomplete stage, it was still able to steal usernames and passwords through tactics such as keylogging and false overlays atop popular mobile applications.

Sova is more dangerous nowadays, as it is capable of deploying malware to infected devices, along with having a whole other lot of nasty features. It is remarkably flexible in that it can replicate over 200 banking and payment applications, as well as target cryptocurrency wallets. Sova is also able to take screenshots of infected devices and record audio through their microphones.

So, yeah, Sova is just a little scarier now.

Security researchers at Cleafy state, “The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity that arises in recent years, as mobile devices became for most people the central storage for personal and business data.”

Furthermore, Sova can weasel its way past multi-factor authentication measures by intercepting MFA tokens, even if the user has deployed multi-factor authentication to protect themselves.

How Can You Avoid This Threat?

Sova and other Android malware variants typically spread through fraudulent applications hosted on the Google Play store. If a user downloads the app, they are infected by Sova. We encourage all users to practice a certain level of caution and scrutiny with any downloadable applications, and you should never download an app from anywhere other than a trusted first-party source. It helps to look at reviews and descriptions of applications as well.

With mobile device management tools at your disposal, you can protect your business from mobile threats like Sova. With powerful enterprise-level security, you can whitelist or blacklist applications, remotely wipe infected devices, and so much more. With these solutions in place, you won’t be afraid of mobile threats.

To learn more, contact Jackson Thornton Technologies at (877) 226-9091.