Delhi: A new mobile banking ‘Trojan’ virus, SOVA, which can stealthily encrypt an Android phone for ransom and is hard to uninstall, is targeting Indian customers, the country’s federal cyber security agency said in its latest advisory. The virus has been upgraded to its fifth version since it was first detected in Indian cyberspace in July, it said.
“It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using SOVA Android Trojan. The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords via key logging, stealing cookies and adding false overlays to a range of apps,” the advisory said.
SOVA, it said, was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.
HOW THE TROJAN VIRUS ATTACKS
- The latest version of this malware, according to the advisory, hides itself within fake Android applications that show up with the logos of a few famous legitimate apps, like Chrome, Amazon and an NFT (non-fungible token, linked to cryptocurrency) platform, to deceive users into installing them.
- This malware captures the credentials when users log into their net banking apps and access bank accounts. The new version of SOVA seems to be targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets.
- The agency said the malware is distributed via smishing (phishing via SMS) attacks, like most Android banking Trojans.
- The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots, record video from a webcam and perform gestures such as screen clicks and swipes using the Android accessibility service.
- It can also add false overlays to a range of apps and “mimic” over 200 banking and payment applications in order to con the Android user.
- Another key feature of the virus is the refactoring of its “protections” module, which aims to protect it from different victim actions. For example, it said, if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and showing a toast (small popup) displaying “This app is secured”.
HOW TO KEEP YOUR ANDROID SAFE
- Download apps only from trusted and official app stores, like the Play Store or the app store of the device’s manufacturer or operating system.
- Users should always review the app details, number of downloads, user reviews, comments and additional information section.
- One should also verify app permissions and grant only those which have relevant context for the app’s purpose.
- Do not miss out on Android updates and security patches.
- Do not click on unsolicited or untrusted websites and links that are often sent via SMS.
- Keep a watch on suspicious numbers.
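As an added illustration of the permission-review advice above (not part of the CERT-In advisory), the following script flags apps that hold an enabled accessibility service but were not installed from a trusted store, which matches the sideloaded fake apps described earlier. It assumes the inputs were captured with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the package names and sample outputs are constructed, and the trusted-installer list is an assumption to adapt.

```python
# Added example: audit accessibility services on an Android device (defensive check).
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        installer = rest.strip().removeprefix("installer=")
        installers[name] = None if installer in ("", "null") else installer
    return installers

def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):  # the setting prints "null" when nothing is enabled
        return []
    # Entries are colon-separated components of the form package/ServiceClass.
    return [comp.split("/", 1)[0] for comp in value.split(":") if comp]

def audit(setting_value, pm_output):
    """List (package, installer) pairs that deserve a manual review."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in parse_accessibility(setting_value):
        source = installers.get(pkg)
        if source not in TRUSTED_INSTALLERS:
            findings.append((pkg, source or "unknown/sideloaded"))
    return findings

# Constructed sample data; com.example.fakebrowser is a hypothetical package.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebrowser/.OverlayService"
)
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.android.chrome  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, source in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(f"REVIEW: {pkg} has an accessibility service (installer: {source})")
```

Preinstalled system apps can also report no installer, so a finding is a prompt to review the app, not proof that it is malicious.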
The Indian Computer Emergency Response Team, or CERT-In, is the federal technology arm that combats cyber attacks and guards the Internet space against phishing and hacking assaults and similar online attacks.