A new mobile banking ‘Trojan’ virus — SOVA — which can stealthily encrypt an Android phone for ransom and is hard to uninstall is targeting Indian customers, the country’s federal cyber security agency said in its latest advisory. The virus has upgraded to its fifth version after it was first detected in the Indian cyberspace in July, it said.
“It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using SOVA Android Trojan.The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords via key logging, stealing cookies and adding false overlays to a range of apps,” the advisory said.
SOVA, it said, was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.
The latest version of this malware, according to the advisory, hides itself within fake Android applications that show up with the logo of a few famous legitimate apps like Chrome, Amazon, NFT (non-fungible token linked to crypto currency) platform to deceive users into installing them.