Beware of new SOVA malware! It could steal data from Gmail, GPay, and others

A new malware is reportedly being operationalised by hackers that is stealing data from Gmail, GPay and Google Password Manager accounts. Dubbed as SOVA malware, it is spreading to other online platforms such as banking apps and online shopping services. According to reports, hackers use the bugs to send and steal two-factor authentication (2FA) codes so that they can get access to Victims' data. For the unversed, 2FA codes are used to verify that an account is being logged in by the owner only. Though it's believed to be the safest way, hackers use SOVA users to overlay a fake display on a phone's screen so that they can steal usernames, passwords and codes.

The most scary thing about this malware is that it uses fake versions of trusted apps, such as Google's Chrome, Amazon NFT platform or others to enter the device.

What is SOVA malware?

SOVA malware is an Android Banking Trojan that was first discovered last year in September. It steals banking data and 2FA codes. According to Cleafy, until March 2022, SOVA was found to be responsible for 2FA interception, cookie stealing and injecting new targets. However, in July 2022, SOVA (v4) was detected targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets. Moreover, it contained refactored and improved code to operate more stealthy on the compromised device. Its latest version, 5.0, even adds ransomware to the device. It uses AES encryption to lock all files in the target devices and affix the ".enc" extension on the renamed, encrypted files.

It has recently been spotted actively growing in the UK, USA, Italy, Spain and Germany. In order to protect yourselves from SOVA malware, it is advisable to download apps only from well-known developers and software from trusted sources such as the Google Play Store.

One must avoid downloading or clicking any link received via text message or social media.