Sunday, October 2, 2022


Your bank account is at risk, the government warns; Shocking Trojan Phone Virus Is On Fake Amazon, Chrome Apps

CERT-In has warned of a new mobile banking malware campaign using the SOVA Android Trojan, which attacks more than 200 mobile apps.

Indian banking customers are being targeted by a new mobile banking malware campaign using the SOVA Android Trojan, the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology said in its latest report. SOVA previously focused on countries like the US, Russia and Spain, but since July 2022 it has added India, along with several other countries, to its list of targets, the agency said. The latest version of this malware hides itself in fake Android apps that display the logos of well-known legitimate apps such as Chrome, Amazon and an NFT platform to trick users into installing them.

The new version of SOVA malware targets more than 200 mobile applications, including banking apps and crypto exchanges/wallets. The malware captures credentials when users log into their internet banking apps and access bank accounts. According to the reports, the malware is spread through smishing (SMS phishing) attacks, like most Android banking Trojans. “Once the fake Android app is installed on the phone, the list of all applications installed on the device will be sent to the C2 (command and control server) controlled by the threat actor to obtain the list of targeted applications,” according to CERT-In.

It added: “At this point, the C2 sends the list of addresses for each targeted application back to the malware and stores this information in an XML file. These targeted applications are then managed through the communication between the malware and the C2.”

SOVA malware’s list of features

The malware’s list of features includes the ability to collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam, perform gestures such as screen clicks and swipes using the Android accessibility service, copy/paste, add fake overlays to a range of apps, and mimic over 200 banking and payment applications.

“It has been discovered that the creators of SOVA recently upgraded it to the fifth version since its inception, and this version has the ability to encrypt all data on an Android phone and hold it for ransom,” the report said. Another important feature of the virus, according to the report, is the refactoring of the “protection module”, which aims to protect itself from various actions of victims.

For example, if the user tries to remove the malware from the settings or press the icon, SOVA can intercept and prevent these actions by returning to the home screen and showing a toast (small pop-up) that says “This app is secured,” it said.

These attack campaigns can compromise the privacy and security of sensitive customer data and result in large-scale attacks and financial fraud.

How do you stay protected against the virus?

CERT-In also suggested some best practices that can be used to protect against the virus. The measures include reducing the risk of downloading potentially harmful apps by limiting download sources to official app stores, such as your device manufacturer or operating system app store, and checking the app details, number of downloads, user reviews, comments, the “ADDITIONAL INFORMATION” section, and more.

Check app permissions and only grant permissions that have relevant context to the purpose of the app. Install Android updates and patches, among other things, and do not browse unreliably
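The checks CERT-In recommends can be combined with the traits described above (well-known app names on unrelated packages, accessibility-service use, overlays) into a simple app-inventory triage. This is an added example, not code from CERT-In or the original article; the record fields and sample apps are constructed, and how the inventory is exported from a device or MDM is an assumption.

```python
# Added example: triage an installed-app inventory for the traits the advisory describes.
# Record fields (label, package, installer, permissions, accessibility_service) are a
# hypothetical export format; every app record below is constructed sample data.

OFFICIAL_INSTALLERS = {"com.android.vending"}  # Google Play; add your OEM store here
KNOWN_BRANDS = {  # display label -> genuine package name
    "chrome": "com.android.chrome",
    "amazon shopping": "com.amazon.mShop.android.shopping",
}
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"

def audit_app(app):
    """Return a list of findings for one app record."""
    findings = []
    if app.get("installer") not in OFFICIAL_INSTALLERS:
        findings.append("not installed from an official store")
    genuine = KNOWN_BRANDS.get(app["label"].strip().lower())
    if genuine and genuine != app["package"]:
        findings.append("label matches a known brand but package is not " + genuine)
    if app.get("accessibility_service"):
        findings.append("declares an accessibility service")
    if OVERLAY_PERMISSION in app.get("permissions", ()):
        findings.append("can draw overlays on other apps")
    return findings

def audit_inventory(apps, threshold=3):
    """Flag apps that combine several traits; a single trait alone is common and benign."""
    report = {}
    for app in apps:
        findings = audit_app(app)
        if len(findings) >= threshold:
            report[app["package"]] = findings
    return report

SAMPLE_APPS = [  # constructed
    {"label": "Chrome", "package": "com.android.chrome",
     "installer": "com.android.vending", "permissions": [], "accessibility_service": False},
    {"label": "Chrome", "package": "com.example.updater",
     "installer": None, "permissions": [OVERLAY_PERMISSION], "accessibility_service": True},
    {"label": "Password Helper", "package": "com.example.pwhelper",
     "installer": "com.android.vending", "permissions": [OVERLAY_PERMISSION],
     "accessibility_service": True},
]

if __name__ == "__main__":
    for package, findings in audit_inventory(SAMPLE_APPS).items():
        print(package, "->", "; ".join(findings))
```

The threshold keeps legitimate accessibility tools from official stores out of the report while still surfacing a sideloaded app that borrows a familiar name.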
