Indian banking customers are now under the radar of the new Sova trojan virus. It’s taking your bank details and making your balance zero. A significant focus of Sova is on developed countries like the United States, Russia, and Spain. But in July 2022, lots of new countries are added to the list including India.
What is Sova?
Sova is an Android trojan. That is focusing on your banking apps. This virus will take your banking passwords. This virus is hidden in untrusted apps. These apps will mimic the original apps but secretly take your banking passwords.
As per the researcher, this is the 5 version of the virus. India’s federal cyber security agency issued an advisory to be aware of that.
Working of Sova?
This virus will install on your phone from any untrusted websites and apps. These apps hide within android apps like google chrome, amazon, NFT platform, etc. It will gain root-level access to your devices and share the app list with the command and control (C2) server. These C2 servers are maintained by cybercriminals. This app list will help attackers to determine the targeted apps.
After that it will fetch the import details from your android phone like keystrokes, stealing cookies, intercepting MFA, taking a screenshot, and recording videos. The makers of the SOVA Android trojan have already upgraded the malware to its 5 stages which are capable of encrypting phones. The latest version of SOVA will protect itself from various actions by the user.
How to protect your devices?
CERT-In has recommended a few countermeasures to protect yourself from this virus. That measure is as below:
- Install apps only from trusted platforms such as the Google Play store.
- Do not visit any untrusted websites.
- Don’t click on any untrusted links.
- Check for the latest updates and patches for your devices.
- Check the app permissions of apps to make sure only relevant permissions are granted to the apps.