SOVA Malware: Any person can end up being a victim of financial fraud when attacked by this virus.
SOVA Malware: Almost every day there is a new virus attack. No, not in the body. Rather, all these viruses are attacking the important devices of people. Recently a new mobile banking virus is spreading in the cyber sector of the country. This Mobile Banking Trojan Virus Sova is actually a Ransomware that can destroy Android phone files.
Recently they have started attacking common people’s mobiles. Anyone can end up being a victim of financial fraud when attacked by this virus. Once this virus enters the mobile, it is very difficult to remove it. The Cyber Security Agency of India has stated this in their latest guidelines. The virus was first detected in the Indian cyber sector last July. It has since seen its fifth edition.
CERT-In (Indian Computer Emergency Response Team) said, ‘The institute has been informed that Indian bank customers may be affected by the new Sova Android Trojan. Among these, mobile banking is being targeted. The first version of this malware was secretly released on the market in September 2021. It is able to affect login names and passwords, cookies and apps.’
The malware was previously more active in countries like the US, Russia and Spain, but it hit India in July, 2022, the guidelines said. Also started targeting many more countries.
Reportedly, the latest version of this malware disguises itself as a fake Android application to trick users. It is then displayed with the ‘logo’ of popular legitimate apps like Chrome, Amazon, NFT (Crypto Currency Linked Token). This happens in such a way that people ‘install’ these apps without realizing it. CERT-In is the central technology unit for countering cyber attacks. It aims to protect the internet sector from ‘phishing’ (fraudulent activities), ‘hacking’ and online malware virus attacks.
Distribution for fraudulent purpose —
CERT said that most Android banking trojan-like malware tries to commit fraud by ‘smishing’, i.e. sending SMS, names of big companies. ‘Once the fake Android application is installed on the phone, it sends the list of all the applications installed on the mobile to the C2 or command and control server to get the list of targeted applications,’ the guidelines said. This server is controlled by people who want to get a list of target applications
Duplicate money transaction app
This virus can do fraud from within any payment app. How dangerous it is can be gauged from one data — it can collect key-strokes, perform factor detection (MFA), take screenshots and record videos from webcams. It can also affect apps and ‘impersonate’ more than 200 banking and payment apps to trick Android users.
How is prevention possible?
According to the guide, the manufacturer has recently upgraded the fifth version of this virus. This version has the possibility to get all the data (Data) of the Android phone and then use it for the purpose of abuse The virus can effectively compromise the privacy and security of customers’ sensitive information. This can lead to large-scale ‘attacks’ and financial fraud. CERT has some suggestions to prevent this—
The app should be downloaded from the official app store only. The guidelines clearly state that users should download any app from the official app store. This may include the device manufacturer’s app store. Or the ‘Operating System’ own store can be chosen. Before using or ‘installing’ any app, it should be verified well. Before downloading any app, it is necessary to consider the experience and comments of other users. Apart from this, Android should be updated regularly. Any link received through e-mail or SMS cannot be clicked. Only trusted ‘links’ should be used.