Sova Android Trojan

Dan Liles


Cyberattackers are using the new SOVA exploit to steal banking details from Android smartphones. 

Cyberattackers have written a new malicious application designed for android devices that aims to steal any crypto-currency or banking details that are stored on the device.

It does this by using an overlay attack, hiding over banking apps and other eCommerce platforms. An overlay attack is a type of cyberattack specific to mobile devices, which works by a malicious app opening over the active window of the legitimate app. Banking and e-commerce apps require users to share either their banking login credentials or credit card numbers, which gives the Cybercriminals access to these details. This allows them to steal money from the user as well as their personal data.

Another feature of the SOVA software is that it exploits the accessibility features of the Android operating system, which allows it elevated permissions to steal data meaning that any private text messages or emails can be read by the attacker and even hidden from the user.

What sets the SOVA software apart from other Android Malware is how versatile and feature-rich it is. In the past, smartphone specific malware has been simpler and had singular functions, whereas the SOVA application can do multiple things at once. It is also complex enough to know when a user is trying to uninstall it and will defend the app carrying the SOVA software, making the removal of it very difficult.

The Android operating system is the most popular operating system in the world (ahead of even Microsoft Windows), with 42.5% of devices globally running it. It runs on Smartphones and tablets manufactured by big brands such as Samsung, Motorola, Huawei, and Google. Android is also used as the operating system of many public devices, for example, inventory scanner devices in warehouses and public ticket machines in train stations.

We recommend making your mobile device more secure by ensuring you only install apps from trusted sources, such as the Google Play Store or the App Store.

Follow Cyber Wise on Twitter @cyber-wise and visit our website to see what we could do to help protect your business online.

Cyber Wise

Latest articles

Coronavirus Live Support

We've created this live blog to update you with useful and relevant insights into the latest developments surrounding the COVID-19 pandemic.

White Paper

Accelerate your growth

Take the next step on your business growth journey. Remove barriers and put plans in place to monitor success.



Play to your strengths

In this episode with Twelve Scholars, Nigel discusses being proactive and how to play to your strengths.