Site icon TechNewsBoy.com

This Android banking malware now also infects your smartphone with ransomware

Image: Getty/Jose Luis Pelaez Inc

An Android banking trojan has re-emerged with new features that make it more powerful and more dangerous to a wider range of users. Also, it now delivers ransomware.

The Sova Android banking malware first appeared for sale in underground markets in September last year, with its author stating that it was still under development. Even so, it still packed a punch, with the ability to harvest usernames and passwords via keylogging, stealing cookies and adding false overlays to a range of apps.

Now, as detailed by cybersecurity researchers at online fraud prevention company Cleafy, Sova has been updated with a range of new abilities, including the ability to mimic over 200 banking and payment applications, plus the capability to target cryptocurrency wallets. Sova can also now encrypt devices with ransomware, although this feature still appears to be in the process of being implemented.

This raises the prospect of victims not only having information including bank details, passwords and other personal data secretly stolen by trojan malware, but also losing their files to encryption, unless they give in and pay a ransom demand.

“The ransomware feature is quite interesting as it’s still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data,” wrote researchers at Cleafy in a blog post.

SEE: How to keep your bank details and finances more secure online

The latest update also allows attackers to take screenshots from the device and even record from the infected smartphone.

Sova has been updated with new capabilities multiple times in recent months, including the ability to intercept multi-factor authentication (MFA) tokens, allowing attackers to steal information even if the account is protected with the recommended additional layer of defence.

Researchers also warn that even though the malware is still under active development, “it’s ready to carry on fraudulent activities at scale.”

Like many other forms of Android malware, Sova is delivered via fake applications which claim to be known entities, including from the likes of Google and Amazon. However, the apps don’t serve any purpose other than to deliver the malware, and often lack any of their advertised functions.

To help avoid falling victim to mobile malware, users should be cautious about what applications they download and from where. Official application stores are more trustworthy than third-party download sites, but even then you should ensure that what you’re downloading is really what it says it is.

For example, an app could claim to be something from a well-known developer, but if it’s registered as developed by someone else entirely, you should avoid downloading the app.

In official app stores, users can also check reviews of the app – a string of negative reviews might provide clues that the app isn’t what it really claims to be.

MORE ON CYBERSECURITY

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version