SOVA, a Trojan described as highly dangerous for mobile users because it can encrypt an Android phone and resists removal, is targeting mobile banking applications in India, according to the latest advisory from India's federal cyber security agency.
SOVA was earlier limited to the US, Russia and Spain, but in July 2022 it added India to its list of targets.
The latest version of this malware hides within fake Android applications that carry the logos of legitimate apps such as Google Chrome, Amazon, and an NFT (non-fungible token, linked to cryptocurrency) platform to deceive users into installing them.
“The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords via keylogging, stealing cookies and adding false overlays to a range of apps,” the advisory mentioned.
“This malware captures the credentials when users log into their net banking apps and access bank accounts. The new version of SOVA seems to be targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets,” further read the advisory.
The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots, record video from a webcam, and perform gestures such as screen clicks and swipes using the Android accessibility service.
It can also add false overlays to a range of apps and mimic over 200 banking and payment applications in order to con the Android user.
“It has been discovered that the makers of SOVA recently upgraded it to its fifth version since its inception, and this version has the capability to encrypt all data on an Android phone and hold it to ransom,” it mentioned.
Even if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA intercepts these actions and blocks them by returning to the home screen and showing a toast (small popup) that reads 'This app is secured'.
These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in large-scale attacks and financial frauds.
The Indian Computer Emergency Response Team, or CERT, is the federal technology arm that combats cyber attacks and guards the Internet space against phishing, hacking and similar online attacks.
The agency said that users should also verify app permissions and grant only those that have relevant context for the app’s purpose.
They should install regular Android updates and patches, avoid browsing untrusted websites or following untrusted links, and exercise caution when clicking on links in unsolicited emails and messages.
The agency further suggested that users reduce the risk of downloading potentially harmful apps by limiting their download sources to official app stores, such as “your device’s manufacturer or operating system app store.”
They should always review the app details, the number of downloads, user reviews, comments and the additional-information section.
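The advisory's hygiene points (official-store installs, scrutiny of permissions, and the malware's reliance on the accessibility service for gestures and uninstall blocking) can be turned into a device triage check. The script below is an added example, not code from the article or from CERT-In: it parses the output of two stock adb commands (`adb shell pm list packages -3 -i`, whose lines read `package:<name>  installer=<pkg>`, and `adb shell settings get secure enabled_accessibility_services`, a colon-separated list of `<pkg>/<service>` entries) and flags third-party apps that hold accessibility access, were installed outside an official store, or carry a package name imitating a brand the article says SOVA impersonates. The set of official installers and the genuine brand package ids are assumptions to adjust for your own fleet, and the sample inventory is constructed for illustration; its package names are hypothetical, not real SOVA indicators.

```python
import re
from dataclasses import dataclass, field

# Installer package names treated as official stores (assumption: extend as needed).
OFFICIAL_INSTALLERS = {
    "com.android.vending",               # Google Play
    "com.sec.android.app.samsungapps",   # Samsung Galaxy Store
}

# Genuine package ids for brands the article says SOVA imitates (assumption).
GENUINE_BRAND_PACKAGES = {
    "chrome": {"com.android.chrome"},
    "amazon": {"com.amazon.mShop.android.shopping"},
}

# One line of 'pm list packages -i' output: 'package:<name>  installer=<pkg|null>'
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


@dataclass
class Finding:
    package: str
    reasons: list[str] = field(default_factory=list)


def parse_packages(pm_output: str) -> dict[str, str]:
    """Map package name -> installer package from 'pm list packages -i' output."""
    pkgs = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkgs[m.group(1)] = m.group(2)
    return pkgs


def parse_accessibility(settings_output: str) -> set[str]:
    """Package names that currently have an accessibility service enabled."""
    value = settings_output.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def triage(pm_output: str, settings_output: str) -> list[Finding]:
    """Apply the three hygiene checks to every third-party package."""
    pkgs = parse_packages(pm_output)
    a11y = parse_accessibility(settings_output)
    findings = []
    for pkg, installer in sorted(pkgs.items()):
        reasons = []
        if installer not in OFFICIAL_INSTALLERS:
            reasons.append(f"installed outside official stores (installer={installer})")
        if pkg in a11y:
            reasons.append("has an enabled accessibility service")
        lower = pkg.lower()
        for brand, genuine in GENUINE_BRAND_PACKAGES.items():
            if brand in lower and pkg not in genuine:
                reasons.append(f"package name imitates '{brand}' but is not the genuine app")
        if reasons:
            findings.append(Finding(pkg, reasons))
    return findings


# Constructed sample inventory (hypothetical package names, not real indicators).
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.chrome.update.secure  installer=null
package:org.fdroid.fdroid  installer=com.android.vending
package:com.amazon.mShop.android.shopping  installer=com.android.vending
"""
SAMPLE_A11Y = (
    "com.chrome.update.secure/com.chrome.update.secure.AccessService:"
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService"
)

if __name__ == "__main__":
    for f in triage(SAMPLE_PM, SAMPLE_A11Y):
        print(f.package)
        for r in f.reasons:
            print("  -", r)
```

On a real device, save the two adb outputs to files and feed them to `triage()`; a sideloaded app that also holds accessibility access deserves immediate attention, since that combination is what lets SOVA script gestures and push the user back to the home screen when they try to remove it. Note that `pm list packages -3` omits system apps, so a preinstalled accessibility service such as TalkBack appears in the settings list but not in the findings.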