The government has warned of the emergence of a new mobile banking virus in cyberspace. Check details.

India’s federal cyber security agency said in its latest advisory that a new mobile banking ‘Trojan’ virus, SOVA, which can secretly encrypt an Android phone for ransom and is difficult to uninstall, is targeting Indian customers. The virus has been upgraded to its fifth version after it was first detected in Indian cyberspace in July, said the Indian Computer Emergency Response Team, or CERT-In, the federal technology arm that combats cyber attacks and protects the internet space against phishing, hacking and similar online attacks.

According to the advisory, “It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using SOVA Android Trojan. The first version of this malware appeared for sale in underground markets in September 2021, with the ability to harvest usernames and passwords via key logging, steal cookies, and add false overlays to a range of apps.”

It further noted that SOVA was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets. Notably, the latest version of this malware hides itself within fake Android applications that appear with the logos of some well-known legitimate apps like Chrome, Amazon and NFT (non-fungible tokens associated with cryptocurrency) platforms to deceive users, according to a report by news agency PTI.

The advisory additionally states, “This malware captures the credentials when users log into their net banking app and access bank accounts. The new version of SOVA is targeting over 200 mobile applications, including banking apps and crypto exchanges/wallets.”

The agency said that the malware, like most Android banking Trojans, is distributed through smishing (phishing via SMS) attacks. “Once the fake Android application is installed on the phone, it sends the list of all the applications installed on the device to the C2 (Command and Control Server) controlled by the threat actor to obtain a list of target applications.”

“At this point, the C2 sends the list of addresses of each target application back to the malware and stores this information inside an XML file. These target applications are then managed through communication between the malware and the C2,” it said.

The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept Multi-Factor Authentication (MFA) tokens, take screenshots and record videos from a webcam, and can perform gestures like screen click, swipe etc. using the Android Accessibility Service.

It can also add false overlays to a range of apps and “mimic” more than 200 banking and payment applications to deceive Android users. “It turns out that the makers of SOVA recently upgraded it to its fifth version since its inception, and this version has the ability to encrypt all data on an Android phone and hold it for ransom.”

According to the advisory, another key feature of the virus is the refactoring of its “protection” module, which aims to protect itself from various victim actions. For example, it said, if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA is able to prevent these actions by returning to the home screen and showing a toast (small popup) that displays “This app is safe.”

It said these attack campaigns could effectively jeopardize the privacy and security of sensitive customer data and could result in “massive” attacks and financial fraud. The agency also suggested some counter-measures and best practices that can be taken by users to keep them safe from the virus.

Users should minimize the risk of downloading potentially harmful apps by limiting their download sources to official app stores, such as that of the device’s manufacturer or operating system, and should review the “Extra information” section, it said.

Users should verify app permissions and grant only those that are relevant to the purpose of the app. They should regularly install Android updates and patches, should not browse untrusted websites or follow untrusted links, and should be careful while clicking on links provided in any unsolicited emails and SMSes.
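The advice on official app stores and the Accessibility Service abuse described above can be combined into one device check. The following Python script is an added example, not part of the advisory or the original report: it flags third-party apps that hold an enabled accessibility service but were not installed by a trusted store. It assumes its inputs are the text output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`; the allowlist and the sample package names are assumptions constructed for illustration.

```python
"""Flag sideloaded Android apps that hold an enabled accessibility service."""

# Installer package names treated as official stores (assumed allowlist;
# add the device manufacturer's store where one is in use).
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer or None}."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):] or None
        installers[fields[0][len("package:"):]] = installer
    return installers


def parse_accessibility(setting_value):
    """Parse the colon-separated `enabled_accessibility_services` value."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def suspicious_packages(pm_output, setting_value, trusted=TRUSTED_INSTALLERS):
    """Listed packages with accessibility enabled and no trusted installer."""
    installers = parse_installers(pm_output)
    enabled = parse_accessibility(setting_value)
    return sorted(p for p in enabled
                  if p in installers and installers[p] not in trusted)


# Constructed sample output; the com.example.* package names are made up.
SAMPLE_PM = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.screenreader  installer=com.android.vending
package:com.example.fakechrome  installer=null
"""
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.fakechrome/com.example.fakechrome.Svc")

if __name__ == "__main__":
    print(suspicious_packages(SAMPLE_PM, SAMPLE_A11Y))
```

A flagged package is a prompt for review, not proof of infection: apps legitimately sideloaded by the user or an enterprise tool will also appear until their installer is added to the allowlist.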

(with inputs from PTI)
