The Center has advised Indian mobile banking users to be cautious of a difficult-to-uninstall ‘Trojan horse’ virus that can secretly encrypt an Android phone for ransom. It has the potential to compromise sensitive customer data and lead to “large scale” financial fraud.
The notice was published on September 10 by the Computer Emergency Response Team (CERT-In), the nodal agency of the Ministry of Electronics and Information Technology working to combat cybersecurity threats. It stated: “It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using the SOVA Android Trojan.”
The notice stated that the first version of the malware was sold illegally in September 2021. It then had the ability to obtain usernames and passwords via key logging, steal cookies, and add faux overlays to a range of applications. It initially only targeted a few countries like the United States, Russia, and Spain, but in July 2022, India was also on the list.
The malware has been upgraded to its fifth version, according to the notice, and hides in fake Android apps that display the logos of a few famous legitimate apps, such as Chrome, Amazon, and an NFT (non-fungible token, linked to cryptocurrency) platform, to trick users into installing them.
The CERT-In advisory warns that the upgraded SOVA now targets over 200 mobile apps, including banking apps and crypto exchanges/wallets. It spreads through fraudulent messages and once inside the device, it records user information at the time of logging into online banking applications.
“Once the fake Android app is installed on the phone, it sends the list of all the apps installed on the device to the C2 (command and control server) controlled by the threat actor in order to get the list of Targeted Applications,” CERT-In informed.
“At this point, the C2 returns the list of addresses for each targeted application to the malware and stores this information in an XML file. These targeted applications are then managed via communications between the malware and the C2.”
The malware is so powerful that it can capture keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam and can perform gestures such as tapping the screen, swiping, etc. with the use of the Android accessibility service.
To hide, it can also add pseudo-overlays to a range of apps and replicate over 200 banking and payment apps.
It incorporates different ways to protect itself. If the user tries to uninstall the malware from the settings or by pressing the icon, SOVA is able to intercept these actions and block them by returning the victim to the home screen and displaying a small “This app is secure” pop-up window.
How to secure your device?
The agency advised some countermeasures to reduce vulnerability to the virus.
Users should be careful while downloading apps. It is recommended to download only from official app stores, meaning the device manufacturer's or operating system's app store. Here too, users should check the app details, number of downloads, user reviews, comments and the “ADDITIONAL INFORMATION” section.
Only relevant permissions should be granted to the application.
Keep your smartphone up to date with the latest Android updates and patches.
Do not open untrustworthy websites or follow untrustworthy links.
Be very careful when clicking on links provided in unsolicited emails and text messages.