Although active since 2021, there’s an Android trojan (click link) that keeps improving on what it can do. If you own an Android smartphone, you need to read this post.
“SOVA Android Malware” is the trojan we’re talking about in this post. Oddly, SOVA means “Owl” in Czech. (Some websites claim it’s Russian for “owl” but my research shows that it’s Czech.) The destructive software is found on the dark web and its author is unknown at this time.
What It Can Do
Originally, this trojan could infect banking and shopping apps. (Latest version targets over 200 apps.) It would steal credentials for logging into these types of sites. However, massive improvements have been made in the year it’s been around. (That is, from a hacker’s point of view.)
Current versions of SOVA can intercept two-factor authentication codes; take screenshots; and steal data. Also, it attempts to steal your Gmail, GPay, and Google Password Manager cookies. It can even protect itself from being uninstalled. Finally, ransomware (click link) can be put on your phone by the version currently being developed.
How You Get It
The SOVA trojan masquerades itself as a legitimate shopping, banking, or financial app. Most of the time, these fake apps come from third-party download sites. However, even in the Google Play Store, you need to be careful that an app is what it says it is. The best thing to do is review the comments to see if there are negative entries outlining security issues.
Additionally, it may be downloaded when you visit a financial or shopping website in your phone’s browser. SOVA will put an “overlay” onto a legitimate website and it will capture all your log-in information.
The SOVA trojan malware doesn’t affect (or infect) the iPhone. Still, you should warn your Android-user friends!