SOVA Android Malware !!!
SOVA is a banking trojan for Android that steals personal information from banking apps by impersonating a legitimate user. When customers log in to their mobile or desktop net-banking applications and access their bank accounts, the malware records their credentials. Once installed, it is not feasible to uninstall.
Like the majority of Android banking Trojans, the malware is propagated by smishing, which is phishing via SMS. Once the fake Android application has been installed on the phone, it sends a list of all applications installed on the device to the C2 (command and control) server controlled by the threat actor. This allows the threat actor to obtain the list of targeted applications.
At this point, the C2 server sends back to the malware a list of addresses for each targeted application, and the malware stores this information in an XML file. The interactions between the malware and the C2 server are then used to manage the targeted applications.
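The stored XML file is a useful forensic artifact: a file in an app's private storage that maps other apps' package names to addresses is unusual for a benign app. The following triage check is an added example, not code from the original page. The page does not give the real file layout, so the SharedPreferences-style format, the function names, the package names and the URLs are all constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET  # for bulk untrusted input, prefer defusedxml

# Android package name: dot-separated lowercase segments, at least two of them.
PKG_RE = re.compile(r"^[a-z][a-z0-9_]*(\.[a-z0-9_]+)+$")
URL_RE = re.compile(r"^https?://[^\s/]+", re.I)

# Constructed sample of an XML file pulled from a suspect app's data directory.
# The layout is an assumption; names and URLs are placeholders.
SAMPLE_XML = """<map>
    <string name="com.example.bank.alpha">https://c2.invalid/inj/alpha.html</string>
    <string name="com.example.bank.beta">https://c2.invalid/inj/beta.html</string>
    <string name="com.example.wallet">http://c2.invalid/inj/wallet.html</string>
    <string name="last_sync">2022-01-01</string>
    <boolean name="first_run" value="false" />
</map>"""

def package_url_pairs(xml_text):
    """Return (package, url) pairs where one element carries both values."""
    pairs = []
    for elem in ET.fromstring(xml_text).iter():
        # Look at attribute values and element text, whatever the tag is called.
        values = list(elem.attrib.values())
        if elem.text and elem.text.strip():
            values.append(elem.text.strip())
        pkgs = [v for v in values if PKG_RE.match(v)]
        urls = [v for v in values if URL_RE.match(v)]
        pairs.extend((p, u) for p in pkgs for u in urls)
    return pairs

def triage(xml_text, installed_packages, min_hits=2):
    """Flag a file that maps several apps installed on this device to addresses."""
    pairs = package_url_pairs(xml_text)
    hits = sorted({p for p, _ in pairs if p in installed_packages})
    return {
        "pairs": len(pairs),
        "installed_targets": hits,
        "suspicious": len(hits) >= min_hits,
    }

if __name__ == "__main__":
    # Constructed device inventory, e.g. taken from the package manager listing.
    device_apps = {"com.example.bank.alpha", "com.example.wallet", "com.example.notes"}
    print(triage(SAMPLE_XML, device_apps))
```

Cross-referencing the mapped packages against the device's own app inventory keeps the check from firing on files that merely contain a URL or a single package name.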