The nation’s cyber security organization, the Indian Computer Emergency Response Team (CERT-In), has issued a warning for everyone who uses their smartphone for banking.
Indian customers are the target of the new mobile banking “Trojan” virus SOVA, according to a warning from CERT-In. SOVA can encrypt an Android phone without the owner’s knowledge and demand a ransom. It is hard to uninstall.
The malware can collect cookies, place fake overlays on a variety of apps, and log keystrokes to capture users’ credentials and passwords.
The hackers who released the malware first went after countries like the United States, Russia, and Spain. In July 2022, they added India to their list of targets.
It is said that this malware steals users’ credentials when they use their online banking apps to log in to their bank accounts.
CERT-In, which is part of the IT Ministry, says that these attacks could seriously hurt the security and privacy of important consumer data, which could lead to massive attacks and financial fraud.
These apps are targeted by the malware.
The latest version of SOVA seems to be going after more than 200 mobile apps, such as banking apps and cryptocurrency exchanges/wallets.
To trick users into installing it, the most recent iteration of this malware hides inside fake Android applications that display the logos of a few well-known legitimate apps, such as Chrome, Amazon, and an NFT platform.
Like most Android banking Trojans, this one is spread through smishing, which means “phishing through SMS.”
Once the fake Android app is downloaded and installed on the phone, it sends a list of every app installed on the device to the C2 (command and control) server controlled by the threat actor in order to obtain the list of targeted apps.
The malware can do many different things: record video from a webcam, take screenshots, record keystrokes, steal cookies, steal multi-factor authentication (MFA) tokens, and perform gestures such as clicks and swipes on the screen.
The cyber security agency warned that over 200 banking and payment applications might be copied, pasted, and imitated using the Android accessibility service.
How can I prevent this attack?
CERT-In says that SOVA has been updated to its fifth version, which can encrypt all of an Android phone’s data and hold it for ransom.
The government advised limiting downloads to legitimate app stores, which makes the public less likely to install potentially malicious programs.
Before you download or install an app on an Android device, you should look at the app’s information, the number of downloads, user ratings, comments, and the “Additional Information” section.
Verify the app’s permissions and grant only those that are necessary for the app’s purpose. CERT-In said that updates and fixes for Android devices should be installed as soon as the companies that make the devices release them.
In general, you should avoid going to untrustworthy websites and clicking on untrustworthy links. You should also be careful when clicking on links in spam emails and text messages.
Look out for suspicious numbers that don’t appear to be genuine mobile phone numbers. Scammers often use email-to-text services to hide who they are and to avoid giving out their real phone number.
Investigate thoroughly before clicking a link in a message. Users should tell their bank right away if something strange happens with their account and give the bank all the information it needs to handle the situation.