Delhi: A new mobile banking ‘Trojan’ virus -SOVA -which can stealthily encrypt an Android phone for ransom and is hard to uninstall is targeting Indian customers, the country’s federal cyber security agency said in its latest advisory. The virus has upgraded to its fifth version after it was first detected in the Indian cyberspace in July, it said.Also Read – Bank Customers Alert: SBI Waives Off SMS Charges On Mobile Fund Transfers. Here’s How to Use
“It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using SOVA Android Trojan. The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords via key logging, stealing cookies and adding false overlays to a range of apps,” the advisory said. Also Read – Beware Of THIS New Mobile Banking Virus Targeting Indians. Deets Here
SOVA, it said, was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets. Also Read – Android Phones Likely To Get Calling Facility Even Without Network | Details Inside
HOW TROJAN VIRUS ATTACKS?
- The latest version of this malware, according to the advisory, hides itself within fake Android applications that show up with the logo of a few famous legitimate apps like Chrome, Amazon, NFT (non-fungible token linked to crypto currency) platform to deceive users into installing them.
- This malware captures the credentials when users log into their net banking apps and access bank accounts. The new version of SOVA seems to be targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets.
- The agency said the malware is distributed via smishing (phishing via SMS) attacks, like most Android banking Trojans.
- The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam and can perform gestures like screen click, swipe etc. using android accessibility service.
- It can also add false overlays to a range of apps and “mimic” over 200 banking and payment applications in order to con the Android user.
- Another key feature of the virus, is the refactoring of its “protections” module, which aims to protect itself from different victim actions. For example, it said, if the user tries to uninstall the malware from the settings or pressing the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and showing a toast (small popup) displaying “This app is secured”.
HOW TO KEEP YOUR ANDROID SAFE
- Download apps only from trusted and official app stores like Play Store or device’s manufacturer or operating system app store.
- Users should always review the app details, number of downloads, user reviews, comments and additional information section.
- One should also verify app permissions and grant only those which have relevant context for the app’s purpose.
- Do not miss out on Android updates and security patches.
- Do not click on unsolicited or un trusted websites and links that are often sent via SMS.
- Keep a watch on suspicious numbers.
The Indian Computer Emergency Response Team or CERT-In is the federal technology arm to combat cyber attacks and guards the Internet space against phishing and hacking assaults and similar online attacks.
(With PTI inputs)
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
