13 September 21, 17:08
Quote: A new Android banking trojan named SOVA (“owl” in Russian) is under active development, researchers said, and it has big dreams even in its infancy stage. The malware is looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, notification manipulation and keylogging services.
According to researchers from ThreatFabric, the malware’s authors are shooting for the moon on this one.
“This malware is still in its infancy [first appearing in August, now only on version 2] and it is undergoing a testing phase…prospecting serious and worrying plans for the near future,” they said in a Friday analysis, noting that the malware’s roadmap is laid out in underground forum posts advertising its availability for testing.
“SOVA is…taking a page out of traditional desktop malware,” they added. “Including DDoS, man in the middle and ransomware to its arsenal could mean incredible damage to end users, in addition to the already very dangerous threat that overlay and keylogging attacks serve.”
The malware authors’ coding and development choices also speak to SOVA’s sophistication, the analysis showed. “Regarding the development, SOVA also stands out for being fully developed in Kotlin, a coding language supported by Android and thought by many to be the future of Android development,” according to ThreatFabric. “If the author’s promises on future features are kept, SOVA could potentially be the most complete and advanced Android bot to be fully developed in Kotlin to this day.”
Read more: SOVA, Worryingly Sophisticated Android Trojan, Takes Flight | Threatpost