Govt warns about new mobile banking virus prowling in Indian cyberspace
According to the statement, SOVA had previously concentrated on nations including the US, Russia, and Spain but in July 2022 added a number of new nations, including India, to its list of targets. After being discovered for the first time in Indian cyberspace in July, the virus has advanced to its fifth version, according to the report.
Indian customers are the target of a new mobile banking "Trojan" virus called SOVA, which may secretly encrypt an Android phone for ransom and is difficult to remove, according to country's federal cyber security agency said in its latest advisory. After being discovered for the first time in Indian cyberspace in July, the virus has advanced to its fifth version, according to the report.
"Indian banking clients have reportedly been the target of a new mobile banking malware campaign utilising the SOVA Android Trojan, according to reports to CERT-In. The original iteration of this virus, which can steal cookies, install phoney overlays to a variety of programmes, and gather user names and passwords via key logging, first emerged for sale in dark markets in September 2021," the warning stated.
According to the statement, SOVA had previously concentrated on nations including the US, Russia, and Spain but in July 2022 added a number of new nations, including India, to its list of targets.
According to the advice, the most recent iteration of this virus lures users into installing it by disguising itself within phoney Android programmes that display the logo of a few well-known, legal apps including Chrome, Amazon, and NFT (non-fungible token connected to crypto currency).
"When users enter into their online banking applications and access bank accounts, this spyware steals their passwords. More than 200 mobile applications, including banking apps and cryptocurrency exchanges/wallets, appear to be targeted by the latest version of SOVA," the warning stated.
The federal technological arm to battle cyberattacks and protect the Internet against phishing and hacking attacks, among other online assaults, is the Indian Computer Emergency Response Team, or CERT-In. The organisation said that, like the majority of Android banking Trojans, the software is spread through smishing (phishing through SMS) assaults. In order to collect the list of targeted programmes, the fake Android application transmits the complete list of all installed apps to the threat actor's C2 (command and control server) after it has been installed on the phone.
Another key feature of the virus, according to the advisory, is the refactoring of its "protections" module, which aims to protect itself from different victim actions. The organisation also offered several preventative measures and recommended practises that users might implement to be protected from the infection. Additionally, one should check the app permissions and only approve those that are pertinent to the goal of the app.
Regular Android updates and patches should be applied, untrusted websites and links should not be browsed or followed, and caution should be taken when clicking on links contained in unsolicited emails and SMSs.
(With PTI inputs)