 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: S.O.V.A.| Names | S.O.V.A. | |
| Category | Malware | |
| Type | Banking trojan, Backdoor, Info stealer, Credential stealer, Keylogger | |
| Description | (ThreatFabric) Sova is the Russian word for owl. This name was chosen by the threat actor himself/herself possibly because of owl’s nature as nocturnal birds of prey, quiet but efficient in stalking and capturing their victims. This identifies a completely new, to the best of our knowledge, Android banking trojan. The trojan is currently in development and testing phase, and has the objective to add to his overlay and keylogging mechanisms, other higly dangerous features like DDoS and Ransomware in future versions. There are a few interesting aspects that differentiate this trojan to already existing ones, both in features as well as in development. | |
| Information | <https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html> <https://blog.cyble.com/2021/09/14/deep-dive-analysis-of-s-o-v-a-android-banking-trojan/> <https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S1062> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/apk.sova> | |
Last change to this tool card: 22 June 2023
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
Unknown groups | |||||
 | _[ Interesting malware not linked to an actor yet ]_ | ||||
1 group listed (0 APT, 0 other, 1 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |