Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
Ransomware Now Targeting Smartphones
August 16, 2022
When we think of ransomware, we typically hear that it occurs on computers, but times are changing and ransomware is becoming more advanced. Researchers at an online fraud investigation company called Cleafy have found a new threat module after analyzing recent versions of the SOVA mobile banking trojan.
The new threat appears to be interested in stealing information from your Gmail, GPay, and Google Password Manager. It is also capable of seizing two-factor authentication codes, taking screenshots, protecting itself from being uninstalled, and stealing cookies and data.
Cleafy reported that the newest version of this malware is being sold on the dark web and can “record, perform gestures, and follow multiple commands.” The commands include swiping, clicking, copying and pasting, and activating an overlay screen to hide what is actually happening from the user.
This can become incredibly dangerous when users are buying items via online shopping and manually entering their credit card information. Additionally, manually logging into banking or credit card applications can be a big risk now as well.
According to Cleafy, the primary interest of this malware is your crypto exchanges and crypto wallets, but cookie stealing mechanisms were also found in the malware along with a comprehensive list of Google services.
iPhone users can take a deep breath as the SOVA malware is only an Android threat, but all smartphone users should still be cautious about what links they click on and the applications that they download.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology