Context
SOVA, a new mobile banking Trojan that can stealthily encrypt an Android phone for ransom and is hard to uninstall, is targeting Indian customers.
Which countries were its previous targets?
- SOVA earlier focused on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.
- The malware has been upgraded to its fifth version after it was first detected in Indian cyberspace in July.
What can it do?
- SOVA can add false overlays to a range of apps and "mimic" over 200 banking and payment applications in order to con the Android user.
- The latest version of this malware hides itself within fake Android applications that carry the logos of a few famous legitimate apps, such as Chrome, Amazon and an NFT (non-fungible token, linked to cryptocurrency) platform, to deceive users into installing them.
- The malware is distributed via smishing (phishing via SMS) attacks, like most Android banking Trojans.
How dangerous is this new malware?
- The severity of the threat can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots, record video from a webcam, and perform gestures such as screen clicks and swipes using the Android accessibility service.
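Because the gestures, keystroke capture and screenshots above depend on the accessibility service, and the fake apps arrive outside the official store, a defender can audit which accessibility-enabled packages were sideloaded. The following is an added example, not part of the original article: it parses output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the sample output and all package names in it are constructed, and treating only Google Play as a trusted installer is an assumption.

```python
import re

# Assumption: Google Play is the only installer this audit treats as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample output; every package name below is made up.
SAMPLE_A11Y = ("com.example.screenreader/com.example.screenreader.ReaderService:"
               "com.example.browser.update/com.example.browser.update.HelperService:"
               "com.example.oem.assist/.AssistService")
SAMPLE_INSTALLERS = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.browser.update  installer=null
package:com.example.oem.assist  installer=null
"""
SAMPLE_SYSTEM = "package:com.example.oem.assist\n"

def parse_accessibility(setting):
    """Packages named in `settings get secure enabled_accessibility_services`
    (colon-separated package/ServiceClass entries; "null" when none are set)."""
    setting = setting.strip()
    if setting in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` (None if unknown)."""
    result = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_packages(pm_output):
    """Package names from plain `pm list packages -s` output (system apps)."""
    return {l.strip()[len("package:"):] for l in pm_output.splitlines()
            if l.strip().startswith("package:")}

def suspicious_accessibility_apps(a11y, installers_out, system_out):
    """Accessibility-enabled packages that are neither preinstalled system
    apps nor installed by a trusted store: candidates for manual review."""
    installers = parse_installers(installers_out)
    system = parse_packages(system_out)
    return sorted(p for p in parse_accessibility(a11y)
                  if p not in system and installers.get(p) not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    print(suspicious_accessibility_apps(SAMPLE_A11Y, SAMPLE_INSTALLERS, SAMPLE_SYSTEM))
```

A flagged package is a prompt for review, not proof of infection: legitimate apps installed from other stores or by enterprise tooling will also appear.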