SOVA Android Trojan: A virus named SOVA Android Trojan is targeting bank accounts as part of a mobile banking malware campaign. The central government has issued a warning about this virus, based on the latest report released by the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology.
According to media reports, a Trojan named SOVA has previously targeted countries like America, Russia and Spain. Since July 2022, it has added India's banking users to its targets, along with those of many other countries. According to the Ministry of Electronics and Information Technology, this malware is hidden within fake Android apps that look like famous apps such as Chrome, Amazon and NFT.
According to the information, the new version of SOVA malware is targeting more than 200 mobile applications. Its targets especially include banking apps and crypto exchanges/wallets. According to reports, the malware records the credentials when banking users log into their net banking app and access bank accounts. CERT-In says that, like most Android banking Trojans, this malware is spread through smishing (phishing via SMS) attacks.
After the fake Android application is installed on the phone, it sends a list of all the applications installed on the device to the C2 (command and control) server. The C2 then sends the list of addresses for each targeted application back to the malware, and the virus saves this information in an XML file.
What does SOVA malware do?
This malware works by collecting keystrokes, stealing cookies, intercepting Multi-Factor Authentication (MFA) tokens, taking screenshots and recording video from the webcam, and performing gestures such as screen clicks and swipes using the Android Accessibility Service.
The report said that the creators of SOVA have recently upgraded it to its fifth version, which makes it more capable than before. The latest version of the malware has the ability to encrypt all the data and use it for ransom. According to the report, a special feature of the virus is that if a user tries to stop the malware by going to the settings or pressing the icon, SOVA is able to block the attempt. In this case, the Trojan confuses the user by returning to the home screen and showing a popup: "This app is safe".
How to stay safe from the virus
CERT-In has given some suggestions, according to which:
- Before downloading an app, check its source thoroughly. Download apps only from the official app store.
- Grant an app only those permissions that you need in order to use it.
- Install Android updates and patches, and do not switch to another, untrusted browser.
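The first two suggestions can be checked on a device over adb. The script below is an added example, not part of the CERT-In advisory: it lists apps that hold an enabled Accessibility Service but were not installed by a trusted store. The package names are constructed sample data, and treating Google Play as the only trusted installer is an assumption.

```sh
#!/bin/sh
# Inputs are the text output of two adb commands run against the device:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i -3     (third-party apps with installer)
# All package names below are constructed samples, not real indicators.

# Assumption: only Google Play counts as a trusted installer.
TRUSTED_INSTALLERS="com.android.vending"

SAMPLE_A11Y='com.example.fakebrowser/com.example.fakebrowser.Svc:com.example.screenreader/.ReaderService:com.example.oem.talkback/.Svc'
SAMPLE_PKGS='package:com.example.fakebrowser  installer=null
package:com.example.screenreader  installer=com.android.vending
package:com.example.game  installer=null'

# audit_a11y <enabled_accessibility_services> <pm list packages -i -3 output>
# Prints "<package> installer=<installer>" for each third-party app that has
# an enabled accessibility service and an untrusted (or missing) installer.
audit_a11y() {
    a11y=$1
    pkgs=$2
    # The setting is a colon-separated list of "package/service" components;
    # an empty setting is reported by adb as the literal string "null".
    printf '%s\n' "$a11y" | tr ':' '\n' | cut -d/ -f1 | sort -u |
    while IFS= read -r pkg; do
        if [ -z "$pkg" ] || [ "$pkg" = "null" ]; then
            continue
        fi
        installer=$(printf '%s\n' "$pkgs" | awk -v p="package:$pkg" \
            '$1 == p { sub(/^installer=/, "", $2); print $2; exit }')
        # Not in the third-party list: preinstalled service, skip it.
        if [ -z "$installer" ]; then
            continue
        fi
        case " $TRUSTED_INSTALLERS " in
            *" $installer "*) ;;                        # installed by a trusted store
            *) printf '%s installer=%s\n' "$pkg" "$installer" ;;
        esac
    done
}

audit_a11y "$SAMPLE_A11Y" "$SAMPLE_PKGS"
```

A flagged package is a lead for manual review, not a verdict: legitimate sideloaded accessibility tools will also appear.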