This dangerous new malware now also packs ransomware to lock your Android phone

Android users facing double threat with added ransomware

A new strain of dangerous ransomware has evolved to target Android devices, researchers are warning.

Experts from Cleafy have analyzed the fifth and latest version of the popular Android banking trojan SOVA, and discovered multiple new features, including the ability to encrypt locally stored files.

According to the researchers, the malware encrypts all files with AES, appends the .enc extension to them, and prevents the user from accessing them.

Developing the trojan

“The ransomware feature is quite interesting as it’s still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data,” Cleafy says.

The fifth version of the trojan is not fully developed, the researchers added, but warned it is nevertheless ready for mass deployment.

SOVA’s owners have been aggressively developing their product for the past couple of months. So far this year, the tool has seen numerous new features introduced, including two-factor authentication interception, as well as new injections for multiple global banks. It has also gained virtual network computing (VNC) capabilities for on-device fraud. This feature, however, still seems to be under construction.

SOVA is currently capable of targeting more than 200 banks worldwide, as well as numerous cryptocurrency exchanges and digital wallets. It is capable of taking screenshots, performing taps and swipes, stealing files from compromised endpoints, and adding overlay screens for various apps. It can also steal cookies from Gmail, GPay, and Google Password Manager.

So far, ransomware was reserved for desktop devices and servers, as its operators were mostly interested in targeting companies and corporations. It seems the threat actors are looking to diversify, as businesses get better at protecting their premises and keeping air-gapped backups.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
