New Mobile Banking ‘Trojan’ Virus Prowls India’s Cyberspace, Government Warns – Attractive Area

A new mobile banking ‘Trojan’ virus – SOVA – that can stealthily encrypt an Android phone for ransom and is difficult to uninstall is targeting Indian customers, the country’s federal cybersecurity agency said in its latest advisory.

The virus has advanced to its fifth version after it was first detected in Indian cyberspace in July, it said.

“It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using the SOVA Android Trojan. The first version of this malware appeared for sale in the underground markets in September 2021 with the ability to harvest usernames and passwords via key logging, cookie stealing and adding fake overlays to a range of applications,” the notice states.

SOVA, it said, previously focused on countries like the United States, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.

The latest version of this malware, according to the notice, hides in fake Android apps that carry the logos of a few famous legitimate apps, such as Chrome, Amazon and an NFT (non-fungible token linked to cryptocurrency) platform, to trick users into installing them.

“This malware captures credentials when users log into their online banking applications and access bank accounts. The new version of SOVA appears to target over 200 mobile apps, including banking apps and crypto exchanges/wallets,” the notice states.

The Computer Emergency Response Team of India, or CERT-In, is the federal technology arm that combats cyber attacks and guards the internet space against phishing, hacking and similar online attacks.

The agency said the malware is distributed via smishing (phishing SMS) attacks, like most Android banking Trojans.

“Once the fake Android app is installed on the phone, it sends the list of all the apps installed on the device to the C2 (command and control server) controlled by the threat actor to get the list of targeted apps.”

“At this point, the C2 returns the list of addresses for each targeted application to the malware and stores this information in an XML file. These targeted applications are then managed through communications between the malware and C2,” it said.

The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record videos from a webcam, and can perform gestures such as tapping the screen and swiping using the Android accessibility service.

It can also add fake overlays to a range of apps and ‘imitate’ more than 200 banking and payment apps in order to scam the Android user.

“It has been discovered that SOVA makers have recently upgraded it to its fifth version since its inception, and this version has the ability to encrypt all data on Android phone and hold it for ransom,” it said.

Another key feature of the virus, according to the advisory, is the refactoring of its “protections” module, which aims to protect the malware against various actions by victims.

For example, it said, if the user tries to uninstall the malware from the settings or by tapping the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and showing a toast (small popup) displaying “This application is secure”.

These attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and lead to “large scale” attacks and financial fraud, it said.

The agency also suggested some countermeasures and best practices that users can implement to protect themselves from the virus.

Users should reduce the risk of downloading potentially harmful apps by limiting their download sources to official app stores, such as the device manufacturer’s or the operating system’s app store. They should always check the app details, number of downloads, user reviews, comments and the “ADDITIONAL INFORMATION” section, it said.

It’s also worth checking the app’s permissions and granting only those that are relevant to the app’s purpose.

They should install regular Android updates and patches, not browse untrustworthy websites or follow untrustworthy links, and exercise caution when clicking on links provided in unsolicited emails and SMS.
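
The install-source and permission checks above can be audited on a device over adb. The following is an added example, not part of the CERT-In advisory or the original article: it parses the output of `pm list packages -i` and `settings get secure enabled_accessibility_services` and flags apps that hold an accessibility service but were not installed by an official store. The sample output, the package names in it and the trusted-installer list are constructed assumptions.

```python
"""Flag apps holding an Android accessibility service that did not come from
an official store. Inputs are text captured with `adb shell pm list packages -i`
and `adb shell settings get secure enabled_accessibility_services`."""

# Assumption: installers treated as official stores; adjust per device vendor.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Constructed sample output; the com.example.* packages are made up.
SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.fakebrowser/.CoreService")

def parse_installers(pm_output):
    """Map package name -> installer (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip()
        installers[name.strip()] = None if installer in ("", "null") else installer
    return installers

def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    # The setting is a colon-separated list of package/ServiceClass components.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def suspicious_accessibility_apps(pm_output, setting_value):
    """Packages with an enabled accessibility service and an untrusted source."""
    installers = parse_installers(pm_output)
    return sorted(pkg for pkg in parse_accessibility(setting_value)
                  if installers.get(pkg) not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print("review:", pkg)
```

A flagged package is a prompt for manual review, not proof of infection: legitimate sideloaded tools can also register accessibility services.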
