U.S.- and Spain-based banking and shopping apps, as well cryptocurrency wallets are being targeted by the new S.O.V.A. Android banking trojan, which is being leveraged for exfiltrating personally identifiable information, The Hacker News reports.
ThreatFabric researchers identified S.O.V.A. last month and found that the malware's current version has capabilities for credential and session cookie theft, as well as keystroke logging, notification hiding and clipboard manipulation. However, more features such as on-device fraud through Virtual Network Computing, ransomware deployment, distributed denial-of-service attack execution and two-factor authentication code interception are expected in the trojan's future iterations.
"The second set of features, added in the future developments, are very advanced and would push S.O.V.A. into a different realm for Android malware, making it potentially one of the most advanced bots in circulation, combining banking malware with automation and botnet capabilities." said ThreatFabric.
ThreatFabric also notes that S.O.V.A.'s extensive feature roadmap and testing with third-parties indicate its author's high expectations for the banking trojan.