Beware! SOVA Trojan Virus Infecting Banking Apps, Can Encrypt Android Phones For Ransom

A new banking virus which has the capability to compromise sensitive consumer data and harm large-scale financial frauds is on the prowl, the central government has cautioned smartphone users who use banking apps. According to CERT-In or Computer Emergency Response Team, the country's top cyber security agency, the new banking Trojan virus is named SOVA and it can also stealthily encrypt an Android smartphone user's device for ransom.

The first version of SOVA banking Trojan had surfaced for sale in September 2021 and it had the capability to harvest passwords and usernames by stealing cookies, keylogging as well as adding false overlays to a number of apps. It was previously focused on countries such as Russia, Spain and the US and since July 2022, the SOVA virus is targeting India, said a press note by CERT-In.

"Once the fake android application is installed on the phone, it sends the list of all applications installed on the device to the C2 (command and control server) controlled by the threat actor in order to obtain the list of targeted applications," CERT-In mentioned.

The SOVA banking virus is currently targeting more than 200 banking, cryptocurrency exchange and digital wallet apps. SOVA banking virus also attempts to steal sensitive user data and cookies from them.

The CERT-In advisory says that SOVA has now upgraded itself to the fifth version and it can hide within fake Android apps that show up with the logo of a few legit genuine apps such as Amazon, Chrome and NFT (non-fungible token linked to cryptocurrency) and can lire users to download them.

As per CERT-In, users of banking apps are advised to be cautious while downloading such apps and it is best to download the apps from official app stores.