Business Standard

Bank, crypto apps under attack: Everything you must know about SOVA virus

A new version of the Trojan virus, SOVA, has reportedly targeted over 200 mobile banking and crypto apps and is stealing their login credentials and cookies


Raghav Aggarwal  |  New Delhi 



Illustration: Binay Sinha

After CERT-In's advisory, several Indian banks, including and IDBI Bank, have alerted their customers to not download their mobile applications from any source other than official app stores.

A new version of the Trojan virus, SOVA, has reportedly targeted over 200 mobile banking and crypto apps and is stealing their login credentials and cookies.

The virus can encrypt the user's Android phone for ransom.

"It has been reported to CERT-In that Indian banking customers are being targeted by a new type of campaign using SOVA Android Trojan," CERT-In said.

What is SOVA?

SOVA is an Android banking trojan that targets banking apps to steal personal information and adds false layers over a range of apps. The layers help the malware mimic the payment app.

The malware was first detected for sale in the underground markets in September 2021. It could "harvest usernames and passwords via keylogging, stealing cookies and adding false overlays to a range of apps", according to CERT-In.

The virus primarily focused on the USA, Russia, and Spain. However, by July 2022, it had added other countries, including India, to its list.

The malware spreads through files with an extension ".apk".

How does SOVA work?

According to CERT-In, the malware spreads through smishing. Smishing is a process where fraudulent SMS are sent to individuals prompting them to share their details, including passwords.

Once the app is downloaded on the mobile, the malware sends the list of all the downloaded apps to the server that the attacker controls.

The server sends back the list of targeted apps to the malware and stores the critical information in an XML file. The malware and the server then manage the apps.

What can the SOVA virus do?

There are several functions SOVA malware can perform. These include performing gestures like swiping, stealing cookies, taking screenshots, and adding false overlays.

The virus has also undergone an update. Now, it can encrypt all the data and hold it for ransom.

Among the most crucial updates is the "protections" module. Now, when a user tries to uninstall an app that the virus has attacked, they will be unable to do so. A message, "This app is secured", will be displayed on the screen.

What can users do to protect themselves?

The most important step is downloading the apps only via official app stores. Another step is to check the "Additional Information" section while downloading the apps and review the app details, number of downloads and user reviews.

Another practice CERT-In recommends is downloading the latest updates of the apps and operating software provided by device vendors. Also, download and activate anti-virus software.

"Do not browse un-trusted websites or follow un-trusted links and exercise caution while clicking on the link provided in any unsolicited emails and SMSs," CERT-In's notification read.

Also, the users have been advised to click only on the URLs that indicate a legitimate website. The users must also keep the firewall on.

Lastly, the users have also been asked to immediately report any unusual activity in the bank accounts to the respective bank.


First Published: Wed, September 21 2022. 13:24 IST
