SOVA mobile virus attacking Android phones
A new mobile banking ‘Trojan’ virus called SOVA can stealthily encrypt an Android phone for ransom and is hard to uninstall. The malware has been upgraded to its fifth version since it was first detected in Indian cyberspace in July.
The latest version of this malware hides itself within fake Android applications that show up with the logos of a few famous legitimate apps, such as Chrome, Amazon and an NFT platform, to deceive users into installing them. The Indian Computer Emergency Response Team (CERT-In) said the malware is distributed via smishing (SMS phishing) attacks.
The advisory said, “The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords via key logging, stealing cookies and adding false overlays to a range of apps. This malware captures the credentials when users log into their net banking apps and access bank accounts. The new version of SOVA seems to be targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets.”
The virus can also intercept multi-factor authentication (MFA) tokens, take screenshots, record video from a webcam and perform gestures such as screen clicks and swipes using the Android accessibility service. The virus has also refactored its “protections” module, which aims to protect it from different victim actions.
Users are advised to reduce the risk of downloading potentially harmful apps by limiting their download sources to official app stores, such as the device manufacturer’s or operating system’s app store. They should always review the app details, number of downloads, user reviews, comments and the “Additional Information” section. They should also verify app permissions and grant only those that have relevant context for the app’s purpose. They should install regular Android updates and patches, avoid browsing untrusted websites or following untrusted links, and exercise caution before clicking on links provided in unsolicited emails and SMSs.