Banking Fraud Virus: CERT-In, the nodal cyber security agency of the Government of India, has recently issued a warning against the SOVA Android Trojan targeting banking users in India. Banking Trojan steals usernames and passwords through keylogging, steals cookies and adds false overlays to many apps to deceive users. SOVA was earlier targeting countries like America, Russia and Spain, but since July 2022, many other countries including India are falling prey to it.
According to media reports, the latest version of this malware hides itself within fake Android apps that are on the Play Store with logos of popular apps like Chrome, Amazon. This malware captures banking credentials, including usernames and passwords, when users log into banking apps and log into their accounts. Regarding this, the government has shared a list that can help Android smartphone users to protect themselves from this dangerous banking malware.
Download apps only from Google Play Store
Always download apps only from official app stores such as your device’s manufacturer or operating system app store.
Always check the ‘Additional information’ section
Any app on your Android device must always read the number of downloads, user reviews, comments and ‘Additional information’ section before downloading/installing apps.
Always install Android security patches/updates
Make sure you install updates and patches as and when updates are available for your Android device. This reduces the risk of any virus attack on your phone. Do not click on the link given in any email and SMS like this.
See what permissions a downloaded app is asking
Always check app permissions and only approve permissions that are useful.
Avoid suspicious numbers
Avoid messages or links from suspicious numbers that do not look like real mobile phone numbers. Scammers often hide their identities using email-to-text services to avoid revealing their real phone numbers.
Beware of URL Shorteners
Be careful with short URLs, such as those that contain bit.ly and tinyurl. In its advisory, the government has asked users to see the entire website domain of the shortened URL, which they are visiting.
check ssl certificate
Do not visit any website which does not have SSL certificate.
Report unusual activity to your bank
Banking customers are advised to immediately report any abnormal activity in their account to the concerned bank so that appropriate further action can be taken.
read this also-