What is SOVA virus: 200 mobile banking apps hacked

SOVA virus: Several Indian banks, including SBI and PNB, have warned that a new type of virus known as SOVA virus is targeting Indian consumers. This new virus enters the mobile phones of users and is hard to uninstall. The alert was issued by Indian Computer Emergency Response Team or CERT-In.A new version of the Trojan virus, SOVA, has reportedly targeted over 200 mobile banking and crypto apps and is stealing their login credentials and cookies. It can hold the information to ransom.

What is SOVA virus?

SOVA is an Android banking trojan malware that targets banking apps to steal personal information and adds false layers over a range of apps. These layers help the malware mimic the payment app. The malware was first detected for sale in the underground markets in September 2021.

What can SOVA virus do?

SOVA virus can steal usernames and passwords via keylogging, stealing cookies and adding false overlays to a range of apps. There are several functions an SVA malware can perform. These include performing gestures like swiping, stealing cookies, taking screenshots, and adding false overlays. The virus has also undergone an update. Now, it can encrypt all the data and hold it for ransom.

How does SOVA virus work?

The malware spreads through smishing. Smishing is a process where fraudulent SMS are sent to individuals prompting them to share their details, including passwords. Once the app is downloaded on the mobile phone, the malware sends the list of all the downloaded apps to the server that the attacker controls.The server sends back the list of targeted apps to the malware and stores the critical information in an XML file. The malware and the server then manage the apps.

It can not be uninstalled

After the latest updates, when a user tries to uninstall an attacked app, they will be unable to do so. A message, “This app is secured”, will be displayed on the screen.

How can users protect themselves?

You are advised to download the mobile apps only through official app stores. Also, check the “Additional Information” section while downloading the apps and review the app details, number of downloads and user reviews.You are advised not to browse un-trusted websites or follow un-trusted links and exercise caution while clicking on the link provided in any unsolicited emails and SMSsIn case of any unusual activity in the bank accounts, immediately report it to the respective banks.