New Android Banking Trojan Emerges With Growing Capabilities

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,584
71,500
A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that could enable attackers to siphon personally identifiable information from infected devices, including banking credentials and open the door for on-device fraud.

Dubbed S.O.V.A. (referring to the Russian word for owl), the current version of the banking malware comes with myriad features to steal credentials and session cookies through web overlay attacks, log keystrokes, hide notifications, and manipulate the clipboard to insert modified cryptocurrency wallet addresses, with future plans to incorporate on-device fraud through VNC, carry out DDoS attacks, deploy ransomware, and even intercept two-factor authentication codes.

The malware was discovered in the beginning of August 2021 by researchers from Amsterdam-based cybersecurity firm ThreatFabric.

Overlay attacks typically involve the theft of confidential user information using malware that overlays its own windows on top of another program. On the other hand, the pilfering of valid session cookies is particularly nasty as it allows the criminals to log in and take over accounts from the users without the need for knowing the banking credentials.

"The second set of features, added in the future developments, are very advanced and would push S.O.V.A. into a different realm for Android malware, making it potentially one of the most advanced bots in circulation, combining banking malware with automation and botnet capabilities," ThreatFabric said in a report shared with The Hacker News.
 

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,584
71,500
The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research.

"The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed statement.
 
Top