The Sova Android banking malware first appeared for sale in underground markets in September last year, with its author stating that it was still under development. Even so, it still packed a punch, with the ability to harvest usernames and passwords via keylogging, stealing cookies and adding false overlays to a range of apps. Now, as detailed by cybersecurity researchers at online fraud prevention company Cleafy, Sova has been updated with a range of new abilities, including the ability to mimic over 200 banking and payment applications, plus the capability to target cryptocurrency wallets. Sova can also now encrypt devices with ransomware, although this feature still appears to be in the process of being implemented. This raises the prospect of victims not only having information including bank details, passwords and other personal data secretly stolen by trojan malware, but also losing their files to encryption, unless they give in and pay a ransom demand. “The ransomware feature is quite interesting as it’s still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data,” wrote researchers at Cleafy in a blog post. SEE: How to keep your bank details and finances more secure online The latest update also allows attackers to take screenshots from the device and even record from the infected smartphone. Sova has been updated with new capabilities multiple times in recent months, including the ability to intercept multi-factor authentication (MFA) tokens, allowing attackers to steal information even if the account is protected with the recommended additional layer of defence. Researchers also warn that even though the malware is still under active development, “it’s ready to carry on fraudulent activities at scale.” To help avoid falling victim to mobile malware, users should be cautious about what applications they download and from where. Official application stores are more trustworthy than third-party download sites, but even then you should ensure that what you’re downloading is really what it says it is. For example, an app could claim to be something from a well-known developer, but if it’s registered as developed by someone else entirely, you should avoid downloading the app. In official app stores, users can also check reviews of the app – a string of negative reviews might provide clues that the app isn’t what it really claims to be. MORE ON CYBERSECURITY

Here are the top phone security threats in 2022 and how to avoid themAndroid security: How this new malware has become a top smartphone threatThis cruel Android malware wipes phones after stealing moneyOver 300,000 Android users have downloaded these banking trojan malware apps, say security researchersBe careful what you download: 17 password-stealing Android apps removed from Google Play