SOVA, a Trojan horse virus labeled as very dangerous for mobile users, which can encrypt an Android phone and resists removal, is targeting mobile banking apps in India, according to the latest notice from the Indian federal cyber security agency.
SOVA was previously limited to the United States, Russia and Spain, but in July 2022 it added India to its list of targets.
The latest version of this malware hides in fake Android apps that display the logos of legitimate apps such as Google Chrome, Amazon and NFT (non-fungible token) platforms to trick users into installing them.
“The first version of this malware appeared for sale in the underground markets in September 2021 with the ability to harvest usernames and passwords via keylogging, steal cookies and add false overlays to a range of applications,” the notice read.
“This malware captures credentials when users log into their online banking apps and access bank accounts. The new version of SOVA appears to target over 200 mobile apps, including banking apps and crypto exchanges/wallets,” the notice further reads.
The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots, record videos from a webcam, and perform gestures such as screen tapping, swiping and more using the Android Accessibility Service.
It can also add fake overlays to a range of apps and imitate more than 200 banking and payment apps to scam Android users.
“It has been discovered that SOVA makers have recently upgraded it to its fifth version since its inception, and this version has the ability to encrypt all data on an Android phone and hold it for ransom,” it said.
Even if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and displaying a toast (small popup) that reads “This application is secure”.
These attack campaigns can effectively compromise the privacy and security of sensitive customer data and lead to large-scale attacks and financial fraud.
The Indian Computer Emergency Response Team, or CERT, is the federal technology arm that fights cyber attacks and protects the internet space from phishing, hacking and similar online attacks.
The agency said users should also check an app’s permissions and grant only those that are relevant to the app’s purpose.
They should install regular Android updates and patches, avoid browsing untrustworthy websites or following untrustworthy links, and exercise caution when clicking on links provided in unsolicited emails and messages.
The agency further suggested that users reduce the risk of downloading potentially harmful apps by limiting their download sources to official app stores, such as “your device manufacturer or operating system app store”.
They should always check the app details, number of downloads, user reviews, comments and additional information section.