Intro
In early August 2021, cybersecurity researchers came across a new Android banking trojan. Based on the login panel of its C2 server, we could see that it was called S.O.V.A. by its own creators.
Sova is the Russian word for owl. The threat actor probably chose this name for the owl's nature as a nocturnal bird of prey: quiet, but efficient at stalking and capturing its victims. To the best of our knowledge, this is a completely new Android banking trojan. It is currently in a development and testing phase, and its author intends to add other highly dangerous features, such as DDoS and ransomware, to its existing overlay and keylogging mechanisms in future versions. A few aspects differentiate this trojan from existing ones, both in its features and in how it is developed.
S.O.V.A. contains features that are usually available in current Android malware, including:
- Overlay attacks;
- Keylogging;
- Notification manipulation.
In addition, it stands out for a feature that is not as common in Android malware:
- Session cookies theft
This functionality gives the criminals access to victims' valid, already logged-in sessions without needing to know their banking credentials.
Regardless, this malware is still in its infancy and, at the time of writing, is undergoing testing, with serious and worrying plans for the near future. This observation is confirmed by a message the author posted on hacking forums.
The author publicly advertises a trial of this new product, targeting a large number of banks, in order to improve the bot's functionality and test it on a wide variety of mobile devices. In addition to testing, the author has laid out a clear roadmap of future features to be implemented in the malware.
Like many others, S.O.V.A. is taking a page out of the traditional desktop malware playbook, confirming a trend seen in mobile malware for the past few years. Adding DDoS, man-in-the-middle, and ransomware capabilities to its arsenal could cause enormous damage to end users, on top of the already very dangerous threat posed by overlay and keylogging attacks.
Regarding development, S.O.V.A. also stands out for being written entirely in Kotlin, a language officially supported on Android and considered by many to be the future of Android development. If the author's promises about future features are kept, S.O.V.A. could become the most complete and advanced Android bot fully written in Kotlin to date.
NOTE: Just one day before this blog was published, two new versions of S.O.V.A. were found in the wild. The new versions do not differ radically from the original, but they do introduce some new features and commands.