Source: The post is based on the article “What is the Sova virus? All you need to know about the new mobile banking virus” published in Livemint on 19th September 2022.
What is the News?
Indian Computer Emergency Response Team (CERT–IN) has given advisory on SOVA virus – a novel mobile banking “Trojan” virus that is currently targeting Indian customers.
What is SOVA?
SOVA is a new mobile banking ‘Trojan’ virus.
Note: Trojan is a file, program, or piece of code that appears to be legitimate and safe but is actually malware. Malware is software intentionally designed to cause disruption to gain unauthorized access to information or systems.
How is SOVA targeting users?
SOVA malware hides itself within fake Android applications that show up with the logo of a few famous legitimate apps like Chrome, Amazon, NFT (non-fungible token linked to cryptocurrency) platform to deceive users into installing them.
– Once the fake android application is installed on the phone, it sends the list of all applications installed on the device to the C2 (command and control server) controlled by the threat actor in order to obtain the list of targeted applications.
What information can SOVA collect?
SOVA can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam and can perform gestures like screen click, swipe using the android accessibility service. It also has the capability to encrypt all data on an Android phone and hold it to ransom.
Can this application be deleted from the phone?
SOVA protects itself from different victim actions For example, if the user tries to uninstall the malware from the settings or pressing the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen and showing a toast (small popup) displaying “This app is secured”.