Banking Fraud Virus: Government of India’s nodal cyber security agency CERT-In has recently issued a warning against SOVA Android Trojan targeting banking users in India. Banking Trojan steals usernames and passwords through keylogging, steals cookies and adds false overlays to many apps to deceive users. SOVA was earlier targeting countries like America, Russia and Spain, but since July 2022, many other countries including India are falling prey to it.
According to media reports, the latest version of this malware is fake Android apps. The ones that are on the Play Store with the logos of popular apps like Chrome, Amazon. This malware captures banking credentials, including usernames and passwords, when users log into banking apps and log into their accounts. Regarding this, the government has shared a list that can help Android smartphone users to protect themselves from this dangerous banking malware.
Download apps only from Google Play Store
Always download apps only from official app stores such as your device’s manufacturer or operating system App Store.
Always check the ‘Additional information’ section
Any app on your Android device must always read the number of downloads, user reviews, comments and ‘Additional information’ sections before downloading/installing apps.
Always install Android security patches/updates
Make sure you install updates and patches as and when updates are available for your Android device. This reduces the risk of any virus attack on your phone. DO NOT CLICK ON LIKE LINKS GIVEN IN ANY EMAIL AND SMS.
See what permissions the downloaded app is asking for
Always check app permissions and only allow permissions that are useful.
Avoid suspicious numbers
Messages from suspicious numbers Or avoid links that don’t look like real mobile phone numbers. Scammers often hide their identities using email-to-text services to avoid revealing their real phone numbers.
Beware of URL shorteners
Be careful with short URLs, such as those that contain bit.ly and tinyurl. The government in its advisory has asked users to check the entire website domain of the shortened URL to which they are visiting.
Check SSL Certificate
< p>Do not visit any website that does not have an SSL certificate.
Report unusual activity to your bank
Advice to Banking Customers They are requested to immediately report any unusual activity in their account to the concerned bank so that appropriate further action can be taken.