SOVA Virus: Banking malware is back again

SOVA Virus

Sova Virus: A new mobile banking ‘Trojan’ virus, ‘Sova’, is targeting Android users in the country. Through this virus, attackers can encrypt the data on your Android phone and use it for ransom, extortion, etc. It is also difficult to uninstall.

The Sova virus is a new kind of mobile banking malware campaign. It makes use of the SOVA Android Trojan malware. Prior to focusing on India, Sova targeted nations like the USA, Russia, and Spain.

For Indians who use mobile online banking, this virus is among the most dangerous. It is the sixth iteration of the initial virus discovered in Indian cyberspace, and it is difficult to remove. It is capable of encrypting all data. The nation’s federal cyber security agency revealed this.

To trick users into installing it, this strain of malware hides inside bogus Android applications whose logos look similar to those of popular apps, including Chrome, Amazon, and NFT platforms.

The central cyber security agency CERT-In has issued an advisory regarding this virus. The virus was first detected in Indian cyberspace by CERT-In in July. Since then it has been upgraded to its fifth version. It captures usernames and passwords when the user logs in.

Apart from this, by stealing cookies and layering fake screens over many types of apps, it collects information about users and defrauds them. Before India, the Sova virus was also active in America, Russia and Spain. According to CERT-In, about 200 mobile users have become victims of this virus so far.

This is how users are misled, according to the advisory: the latest version of this virus sneaks into the accounts of mobile users by hiding in fake Android apps. These apps carry the logos of popular apps like Chrome, Amazon, and NFT platforms, thereby misleading users into downloading them. It then steals the user’s data.


Once the fake Android app is downloaded onto the phone, the virus sends information about all the apps on that phone to the C2 (command and control) server, where the operator prepares a list of apps to be targeted. The C2 server sends this list back to the Sova virus, which saves all this information as an XML file.

This virus can capture the device’s keystrokes (information about which button was pressed by the user), cookies, and Multi-Factor Authentication (MFA) tokens. Apart from this, it can take screenshots and record video from the webcam. This virus can create duplicate copies of more than 200 payment apps. Through these, it can also empty the user’s bank accounts.


To avoid this virus

The central agency has advised users to download apps only from the official app store. Apart from this, before downloading any app, check its complete details, how many times it has been downloaded, and the reviews and comments people have left on it.
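One way to check a phone against this advice, as an added example that is not part of the CERT-In advisory or the original article: the script below parses the output of `adb shell pm list packages -3 -i` and flags third-party apps that were not installed by the official store. The sample output is constructed, and matching brand names in package names is an assumed heuristic, since the article only says the fake apps copy logos.

```python
import re

# Installer treated as the official store (assumption; add your vendor store if needed).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
# Brands the article says the fake apps imitate; matching on package name is a heuristic.
IMPERSONATED_BRANDS = ("chrome", "amazon", "nft")
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` output (not real device data).
SAMPLE_OUTPUT = """\
package:com.amazon.mShop.android.shopping  installer=com.android.vending
package:com.chrome.update.helper  installer=null
package:org.example.notes  installer=com.google.android.packageinstaller
package:com.nft.wallet.free  installer=com.android.chrome
"""

def parse_packages(text):
    """Return (package, installer) pairs; installer is None when Android reports null."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package record
        installer = m.group("installer")
        rows.append((m.group("pkg"), None if installer == "null" else installer))
    return rows

def audit(text):
    """Flag packages not installed by a trusted store; brand look-alikes rank first."""
    findings = []
    for pkg, installer in parse_packages(text):
        if installer in TRUSTED_INSTALLERS:
            continue  # came from the official store, as the advisory recommends
        lookalike = any(brand in pkg.lower() for brand in IMPERSONATED_BRANDS)
        findings.append({
            "package": pkg,
            "installer": installer or "unknown (sideloaded or adb)",
            "severity": "high" if lookalike else "review",
        })
    # High-severity findings first, then alphabetical for stable output.
    findings.sort(key=lambda f: (f["severity"] != "high", f["package"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_OUTPUT):
        print(f"{f['severity']:6} {f['package']}  installer={f['installer']}")
```

A finding is a prompt to inspect the app, not proof of infection: a "review" entry only means the app did not come from the official store.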

