Developers of the SOVA Android banking trojan have been continuously updating the malware to expand its capabilities, most recently implementing a ransomware module on the 5.0 version, according to BleepingComputer. The latest release of the malware can now target more than 200 banking, digital wallet and cryptocurrency exchange applications to steal victims sensitive user data and cookies, while also gaining new features including ransomware and code upgrades enabling it to operate more stealthily after infiltrating the target device, according to mobile security group Cleafy, which has been monitoring SOVAs evolution since 2021 when the project was first announced. Based on an analysis of an early release of SOVA v5, Cleafy reported that the new ransomware module locks all files in an infected device using AES encryption and appends the .enc extension on the encrypted files. The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data, the company said.