Your bank account is in danger, govt warns; Shocking Trojan phone virus is on fake Amazon, Chrome apps

The CERT-In has informed about a new mobile banking malware campaign using SOVA Android Trojan that is attacking more than 200 mobile apps.
By: HT TECH
Updated on: Sep 17 2022, 13:30 IST
Here is how you can keep your bank account safe from the Trojan phone virus that dupes users with fake Amazon and Chrome apps. (Representative Image) (Pixabay)

Indian banking customers are being targeted by a new mobile banking malware campaign using the SOVA Android Trojan, the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology said in its latest report. SOVA earlier focused on countries like the USA, Russia, and Spain; since July 2022 it has added India, along with several other countries, to its list of targets, the agency said. The latest version of this malware hides itself within fake Android apps that show up with the logos of a few famous legitimate apps, like Chrome, Amazon and an NFT platform, to deceive users into installing them.

The new version of the SOVA malware is targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets. The malware captures credentials when users log into their net banking apps and access bank accounts. "As per the reports, the malware is distributed via smishing (phishing via SMS) attacks, like most Android banking Trojans. Once the fake Android application is installed on the phone, it sends the list of all applications installed on the device to the C2 (command and control server) controlled by the threat actor in order to obtain the list of targeted applications," CERT-In said.

It further added, "At this point, the C2 sends back to the malware the list of addresses for each targeted application and stores this information inside an XML file. These targeted applications are then managed through the communications between the malware and the C2."

SOVA malware's list of functions

The malware's list of functions includes the ability to collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam, perform gestures like screen click, swipe etc. using the Android accessibility service, copy/paste, add false overlays to a range of apps, and mimic over 200 banking and payment applications.

"It has been discovered that the makers of SOVA recently upgraded it to its fifth version since its inception, and this version has the capability to encrypt all data on an Android phone and hold it to ransom," the report said. Another key feature of the virus, according to the report, is the refactoring of its "protections" module, which aims to protect itself from different victim actions.

For example, if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and showing a toast (small popup) displaying "This app is secured," it said.

These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in large-scale attacks and financial frauds.

How to stay safe from the virus

CERT-In also suggested some best practices that can be used to stay safe from the virus. The measures include reducing the risk of downloading potentially harmful apps by limiting download sources to official app stores, such as your device manufacturer's or operating system's app store, reviewing the app details, number of downloads, user reviews, comments and "ADDITIONAL INFORMATION" section, and more.

Verify app permissions and grant only those which have relevant context for the app's purpose. Install Android updates and patches and not browse un-trusted, among others.
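
One way to check a phone against the two points above (apps from outside official stores, and the accessibility service SOVA relies on) is to review the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`. The script below is an added example, not part of the CERT-In advisory or this article; the package names and sample output are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example: flag third-party apps installed from outside a trusted store,
# and mark those that also hold an enabled accessibility service.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_installers(pm_output):
    """Map package name -> installer ('null' when no store is recorded)."""
    result = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        installer = "null"
        for token in rest.split():
            if token.startswith("installer="):
                installer = token[len("installer="):]
        result[name] = installer
    return result

def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    # Value is a colon-separated list of package/service component names.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, accessibility_value):
    """Return (package, installer, has_accessibility) tuples, riskiest first."""
    installers = parse_installers(pm_output)
    a11y = parse_accessibility(accessibility_value)
    findings = [(pkg, inst, pkg in a11y)
                for pkg, inst in installers.items()
                if inst not in TRUSTED_INSTALLERS]
    return sorted(findings, key=lambda f: (not f[2], f[0]))

# Constructed sample output; every package name here is hypothetical.
SAMPLE_PM = """\
package:com.example.shop  installer=com.android.vending
package:com.example.chrome.update  installer=null
package:com.example.notes  installer=com.android.packageinstaller
package:com.example.bank  installer=com.android.vending
"""
SAMPLE_A11Y = ("com.example.chrome.update/com.example.chrome.update.Svc:"
               "com.example.bank/.Helper")

if __name__ == "__main__":
    for pkg, inst, has_a11y in audit(SAMPLE_PM, SAMPLE_A11Y):
        level = "HIGH" if has_a11y else "review"
        print(f"{level}: {pkg} (installer={inst})")
```

A sideloaded app is not proof of infection, so the findings are a review list; an app that was not installed from a store and also holds an accessibility service deserves the closest look.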

First Published Date: 17 Sep, 13:30 IST