The Sova virus is part of a new mobile banking malware campaign that uses the SOVA Android Trojan. Sova previously focused on countries like the USA, Russia and Spain, and later targeted India.
This virus is one of the most dangerous viruses for mobile net banking users in India. It is hard to uninstall and is the fifth version of the first detected virus in Indian cyberspace.
It has the capability to encrypt all the data. This was reported by the country’s federal cyber security agency.
This version of the malware hides inside fake Android applications that use logos similar to those of popular legitimate apps like Chrome, Amazon, and NFT platforms, to fool users into installing them.
The key feature of this version is its smart self-defence. Its protection module has been recoded to protect the malware from different actions taken by the victim.
For example, when the user tries to uninstall the malware from the settings options on their device, the Sova virus interrupts the action and automatically returns the user to the home screen. The twist is that it then displays the message ‘This app is secured’.
This will create harmful situations for users, affecting their privacy and the security of sensitive customer data. It will further lead to large-scale attacks and financial fraud against users.
This virus targets more than 200 mobile applications, including banking applications as well as crypto exchanges and wallets.
FEATURES OF SOVA VIRUS:
- The virus collects keystrokes and steals cookies from the devices.
- It intercepts multi-factor authentication (MFA) tokens.
- The malware takes screenshots and records videos from the webcam without the user’s permission.
- It performs gestures like click and swipe using the Android accessibility service.
- In addition, it adds false overlays to a range of apps.
- It can also mimic up to 200 banking and payment applications.
- Threat to Indian cyberspace
PREVENTION METHODS/BEST PRACTICES TO FOLLOW:
- Limit your download sources to official app stores, such as those of the device manufacturer or the operating system.
- Always review apps before installing them from the Google Play Store. Never check the ‘Untrusted sources’ checkbox for side-loaded apps.
- Install updates and patches when they are made available by Android device vendors.
- Avoid untrusted websites and untrusted links, and exercise caution.
- Be careful of unidentified senders who use email-to-text services to hide their actual numbers.
- Only access links that clearly show the website domain. Users need to cross-check by searching for the link on a search engine to ensure the website is legitimate.
- Install and keep updated antivirus and antispyware software on your device.
- Before providing any sensitive information, check for a valid encryption certificate, shown by the green lock in the browser’s address bar.
- Any unusual activity in the customer’s account needs to be reported immediately to the respective bank.