Threat analysts at mobile security firm Cleafy have been tracking the development of the Sova malware and report it has evolved rapidly in the last few months. It can now mimic over 200 banking and payment applications and even encrypt mobile devices with ransomware. “The ransomware feature is quite interesting as it’s still not a common one in the Android banking trojans landscape,” wrote Cleafy. “It strongly leverages on the opportunity [that arose] in recent years, as mobile devices became, for most people, the central storage for personal and business data.”
Earmarking Mobiles
According to Cleafy, Sova was announced in hacker forums in September 2021, together with a roadmap for future development, which immediately caught the researchers’ attention. Unfortunately for us, Sova’s authors have apparently kept their promise, and the malware, now on version 5, has evolved to become a very potent threat.
“As smartphones continue to grow and evolve, applications to make our day-to-day lives easier are evolving with them,” Chuck Everette, Director of Cybersecurity Advocacy at Deep Instinct, told Lifewire over email. “This introduces new attack avenues and a larger threat landscape for malicious threat actors to take advantage of.”
To help avoid falling victim to Sova, or any mobile malware, Lorri Janssen-Anessi, Director of External Cybersecurity Assessments at BlueVoyant, suggests users who bank with smartphones be vigilant. “The days of just clicking ‘ok’ or ‘I agree’ should be in the past, especially when it comes to using banking apps,” Janssen-Anessi told Lifewire over email. “Be as dedicated to your decision to download and use a banking application as you would selecting an actual bank.” She suggests people should ensure that their banks are as reliable in all of their online services as they are in their in-person services.
As several Android malware strains, Sova included, are delivered via fake apps, Chris Hauk, consumer privacy champion at Pixel Privacy, suggests people always check their bank’s website for a direct link to their official app. “Take the time to ensure that an app is actually made by a genuine developer,” Hauk told Lifewire over email. “Just because an app has the Chrome logo, or a logo from your bank or other company, doesn’t mean that the app is genuine.”
Good Security Hygiene
While advising never to download an app from a link provided by an unverified party, Hauk suggested people also stay clear of links or attachments in unsolicited emails or messages. “The core advice here is to only install very well-known and reputable applications,” agreed Everette, adding, “do not blindly accept prompts, and avoid clicking on advertisements or security alerts that pop up on your device.”
According to Janssen-Anessi, the best way to avoid installing a malicious app is good ol’ research. “The great thing about internet users is that they are happy to share their negative experiences, so see what other users are experiencing before you click install.” And if your bank doesn’t offer an app, Janssen-Anessi suggests it’s best not to bank using a mobile browser, as browsers come with their own share of security issues.
In addition to making sure you use your bank’s genuine app, Melissa Bischoping, Endpoint Security Research Specialist at Tanium, says people should also get in the habit of maintaining good security hygiene, especially when using a smartphone. “Ensure you’re using two-factor authentication, preferably through something other than your cell phone/another mobile app if your bank offers it,” Bischoping told Lifewire over email. She also recommends using a good password manager with adequate security settings, such as the ability to auto-lock the password manager after each use.
Agreeing with his peers, Stephen Gates, Security Evangelist at Checkmarx, says one can never be too careful when using apps that handle real money. “While I have never put too much trust into mobile banking apps, some say I’m overly cautious,” Gates told Lifewire over email. “But when you observe the capabilities of Sova, I think my concerns are easily justified.”