About Us

IT Services


News & Events



Contact Us

  • Register

CoreTech Blog

CoreTech has been serving the Bowling Green area since 2006, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Sova, the Android Banking Malware, is Back and Worse than Before

Sova, the Android Banking Malware, is Back and Worse than Before

Even if mobile malware doesn’t have nearly as much of a presence in the cyber threat landscape as other major threats like ransomware variants, it is still just as dangerous under the right circumstances. An Android banking malware called Sova, for example, has returned with a vengeance with additional features to make users’ lives miserable.

What is Sova?

As an Android banking malware, Sova can provide criminals with back-end access to devices so they can cause all kinds of problems later on. Although it was originally released in September 2021 in an incomplete stage, it was still able to steal usernames and passwords through tactics such as keylogging and false overlays atop popular mobile applications.

Sova is more dangerous nowadays, as it is capable of deploying malware to infected devices, along with having a whole other lot of nasty features. It is remarkably flexible in that it can replicate over 200 banking and payment applications, as well as target cryptocurrency wallets. Sova is also able to take screenshots of infected devices and record audio through their microphones.

So, yeah, Sova is just a little scarier now.

Security researchers at Cleafy state, “The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity that arises in recent years, as mobile devices became for most people the central storage for personal and business data.”

Furthermore, Sova can weasel its way past multi-factor authentication measures by intercepting MFA tokens, even if the user has deployed multi-factor authentication to protect themselves.

How Can You Avoid This Threat?

Sova and other Android malware variants typically spread through fraudulent applications hosted on the Google Play store. If a user downloads the app, they are infected by Sova. We encourage all users to practice a certain level of caution and scrutiny with any downloadable applications, and you should never download an app from anywhere other than a trusted first-party source. It helps to look at reviews and descriptions of applications as well.

With mobile device management tools at your disposal, you can protect your business from mobile threats like Sova. With powerful enterprise-level security, you can whitelist or blacklist applications, remotely wipe infected devices, and so much more. With these solutions in place, you won’t be afraid of mobile threats.

To learn more, contact CoreTech at (270) 282-4926.

Employee Awareness Is Your Best Security
Is Your Business Equipped for Modern Collaboration...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, September 21, 2023

Captcha Image

Start Fighting Cyber Crime with KNOWLEDGE & ACTION!


Mobile? Grab this Article!

QR-Code dieser Seite

Understanding IT

IT can be a complicated thing - trust us, we know. With so much terminology and moving parts to keep track of, there are a lot of concepts that can be tricky to grasp without a little guidance. We’re here to provide this guidance with a few brief guides to key IT topics. Check them out here.

Contact Us

Learn more about what CoreTech can do for your business.

Call Us Today
Call us today
(270) 282-4926

1711 Destiny Lane
Suite 116

Bowling Green, Kentucky 42103