Developers of the SOVA Android banking trojan have been continuously updating the malware to expand its capabilities, most recently implementing a ransomware module in version 5.0, according to BleepingComputer.
The latest release of the malware can now target more than 200 banking, digital wallet and cryptocurrency exchange applications to steal victims' sensitive user data and cookies, while also gaining new features, including ransomware and code upgrades that enable it to operate more stealthily after infiltrating the target device, according to mobile security group Cleafy, which has been monitoring SOVA's evolution since 2021, when the project was first announced.
Based on an analysis of an early release of SOVA v5, Cleafy reported that the new ransomware module locks all files on an infected device using AES encryption and appends the .enc extension to the encrypted files.
"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages the opportunity that has arisen in recent years, as mobile devices became for most people the central storage for personal and business data," the company said.