SOVA Android Trojan: A mobile banking malware campaign targeting bank accounts has been detected. The malware is named the SOVA Android Trojan. The central government has issued a warning about it, based on the latest report from the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics and Information Technology.
According to media reports, the SOVA Trojan has previously targeted countries such as America, Russia and Spain. Since July 2022, it has added India's banking users to its targets, along with those of many other countries. According to the Ministry of Electronics and Information Technology, this malware hides inside fake Android apps that imitate well-known apps such as Chrome, Amazon and NFT.
According to the information, the new version of the SOVA malware targets more than 200 mobile applications. Its targets include, in particular, banking apps and crypto exchanges/wallets. According to reports, the malware records credentials when banking users log in to their net banking app and access their bank accounts. CERT-In says that, like most Android banking Trojans, this malware is spread through smishing (phishing via SMS) attacks.
After the fake Android application is installed on the phone, it sends a list of all the applications installed on the device to the command-and-control (C2) server. The C2 server then sends the list of addresses for each targeted application back to the malware, which saves this information in an XML file.
What does the SOVA malware
This malware is capable of collecting keystrokes, stealing cookies, intercepting Multi-Factor Authentication (MFA) tokens, taking screenshots, recording video from a webcam, and performing on-screen gestures such as clicks and swipes by using the Android Accessibility Service.
The report states that the makers of SOVA have recently upgraded it to its fifth version, which has made it more capable than before. The latest version of the malware has the ability to encrypt all the data and use it for ransom. According to the report, a special feature of the virus is that if a user tries to stop the malware by going to the settings or pressing the icon, SOVA is able to block the attempt. In this case, the Trojan returns to the home screen and confuses the user by showing a popup that says "this app is safe".
How to stay safe from the virus
CERT-In has made some suggestions:
- Before downloading an app, check its source thoroughly. Download apps only from the official app store.
- Grant an app only the permissions needed to use that app.
- Install patches to keep Android updated, and do not switch to another untrusted browser.
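
One way to check a phone you manage against the first two suggestions, given that the malware arrives through fake apps and relies on the Android Accessibility Service. This is an added example, not code from CERT-In or the original report. It parses the text output of two standard adb commands and lists apps that hold an enabled accessibility service but were not installed from the official store. Assumptions: Google Play (`com.android.vending`) is the only trusted installer, and the sample output and package names are constructed.

```python
# Added example (not from the article or CERT-In). Inputs are the text output of:
#   adb shell pm list packages -i
#   adb shell settings get secure enabled_accessibility_services
# The sample strings are constructed; the package names are hypothetical.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.shop  installer=com.android.vending
package:com.example.chrome.update  installer=null
"""
SAMPLE_A11Y = ("com.example.chrome.update/com.example.chrome.update.Svc:"
               "com.example.shop/.ReaderService")


def parse_installers(pm_output):
    """Map package name -> installer package, or None when none is recorded."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            key, _, value = field.partition("=")
            if key == "installer" and value not in ("", "null"):
                installer = value
        installers[fields[0][len("package:"):]] = installer
    return installers


def parse_a11y(setting):
    """Return the packages that own an enabled accessibility service."""
    setting = setting.strip()
    if setting in ("", "null"):
        return set()
    # The setting is a colon-separated list of package/ServiceClass components.
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}


def audit(pm_output, a11y_setting):
    """List (package, installer) pairs with accessibility enabled and no trusted source."""
    installers = parse_installers(pm_output)
    return [(pkg, installers.get(pkg)) for pkg in sorted(parse_a11y(a11y_setting))
            if installers.get(pkg) not in TRUSTED_INSTALLERS]


if __name__ == "__main__":
    for pkg, source in audit(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"REVIEW {pkg}: accessibility service enabled, installer={source}")
```

A flagged package is a prompt for manual review, since some legitimate sideloaded apps also use accessibility services.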