India's federal cyber security agency has issued its latest advisory, warning against a new mobile banking 'Trojan' virus, SOVA, that targets Indian customers.
SOVA can stealthily encrypt an Android phone for ransom.
It is hard to uninstall because of its "protections" module, which aims to protect the malware from different victim actions. SOVA is able to intercept victim actions such as uninstalling the app and prevent them by returning to the home screen and showing a toast (small popup) displaying "This app is secured."
The virus has been upgraded to its fifth version since it was first detected in Indian cyberspace in July, said the Indian Computer Emergency Response Team (CERT-In), the federal technology arm.
As per the advisory, the first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords (like net banking) via key logging, stealing cookies and adding false overlays to a range of apps, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam, and perform gestures like screen click and swipe using the Android accessibility service.
SOVA earlier focused on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.
How does SOVA get installed on a phone?
The agency said the malware is distributed via smishing (phishing via SMS) attacks and, once installed on the phone, it sends the list of all applications installed on the device to the attacker's C2 (command and control) server.
Notably, the latest version deceives users into installing it through fake Android applications (more than 200 mobile applications) that show up with the logo of a few famous legitimate apps like banking apps, Chrome, Amazon and an NFT (non-fungible token linked to crypto currency) platform [1].
How can you protect yourself?
The agency also suggested some counter-measures and best practices, summarized below:
Limit app downloads to only official app stores, such as your device's manufacturer or operating system app store.
Review the app details, number of downloads, user reviews, comments and "ADDITIONAL INFORMATION" section.
Verify app permissions and grant only those which have relevant context for the app's purpose.
Install regular Android updates and patches.
Don't browse untrusted websites or follow untrusted links, and exercise caution while clicking on links provided in any unsolicited emails and SMSs.
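Because SOVA arrives outside the official store and relies on the Android accessibility service, one practical check is to list apps that hold an enabled accessibility service but were not installed by a trusted store. The script below is an added example, not part of the CERT-In advisory. It parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the sample outputs, package names and the trusted-installer list are constructed assumptions.

```python
# Constructed sample outputs (not captured from a real device).
ENABLED_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
                "com.example.fakebank/com.example.fakebank.Svc:"
                "com.example.oem.assist/.AssistService")
PM_LIST_I = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.notes  installer=null
package:com.example.oem.assist  installer=null
"""
PM_LIST_S = "package:com.example.oem.assist\n"  # preinstalled (system) packages

# Assumption: only Google Play is trusted; add your OEM store's package name.
TRUSTED_INSTALLERS = {"com.android.vending"}


def a11y_packages(setting):
    """Package names from the colon-separated 'pkg/service' component list."""
    setting = setting.strip()
    if not setting or setting == "null":  # no accessibility service enabled
        return set()
    return {c.split("/", 1)[0] for c in setting.split(":") if c}


def parse_pm_list(output):
    """Map package -> installer (None when not reported or 'null')."""
    result = {}
    for line in output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0][len("package:"):]] = installer
    return result


def sideloaded_a11y(setting, pm_list_i, pm_list_s, trusted=TRUSTED_INSTALLERS):
    """Non-system packages with an accessibility service and no trusted installer."""
    installers = parse_pm_list(pm_list_i)
    system = set(parse_pm_list(pm_list_s))
    return sorted(p for p in a11y_packages(setting)
                  if p not in system and installers.get(p) not in trusted)


if __name__ == "__main__":
    print(sideloaded_a11y(ENABLED_A11Y, PM_LIST_I, PM_LIST_S))
```

A flagged package is not proof of infection; it is a prompt to review why a sideloaded app needs accessibility access.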