New ‘Trojan’ virus hacking mobile banking apps in India
SOVA, a Trojan described as highly dangerous for mobile users, which can encrypt an Android phone and also cannot be removed, is targeting mobile banking applications in India, according to the latest advisory from India’s federal cyber security agency.
SOVA previously targeted only the United States, Russia and Spain, but in July 2022 it added India to its list of targets.
The latest version of this malware hides in fake Android applications that display the logos of legitimate apps such as Google Chrome, Amazon and an NFT (non-fungible token, linked to cryptocurrency) platform to trick users into installing them.
“The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest usernames and passwords via keylogging, steal cookies and add fake overlays to a variety of apps,” the advisory says.
“This malware captures the credentials when users log into their online banking apps and access bank accounts. The new version of SOVA appears to target more than 200 mobile applications, including banking apps and crypto exchanges/wallets,” the advisory continues.
The severity of the malware can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam, and can perform gestures such as screen clicks, swipes and much more using the Android accessibility service.
It can also add fake overlays to a number of apps and impersonate over 200 banking and payment applications to trick the Android user.
“It has been discovered that the makers of SOVA recently upgraded it to its fifth version since its inception, and this version has the ability to encrypt all data on an Android phone and hold it for ransom,” it said.
Even if the user tries to uninstall the malware from the settings or by tapping the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and displaying a toast (small popup) that reads “This app is secured”.
These attack campaigns can effectively compromise the privacy and security of sensitive customer data and result in large-scale attacks and financial fraud.
The Indian Computer Emergency Response Team, or CERT, is the federal technology arm that combats cyber attacks and protects the Internet space from phishing, hacking and similar online attacks.
The agency said that users should also verify app permissions and grant only those that have relevant context for the app’s purpose.
They should install regular Android updates and patches, avoid browsing untrusted websites or following untrusted links, and exercise caution when clicking on links in unsolicited emails and messages.
The agency further suggested that users should reduce the risk of downloading potentially harmful apps by limiting their download sources to official app stores, such as “device manufacturer or operating system app store.”
They should always go through the app details, number of downloads, user reviews, comments and additional information.