What is SOVA Android Trojan Virus?
SOVA is a new mobile banking ‘Trojan’ virus which can secretly encrypt an Android phone for ransom and is very difficult to remove from an Android device.
SOVA Android trojan targeting Indian banking users has recently been warned by Indian government cybersecurity agency Cert-In. Through keylogging, the banking trojan steals user passwords and usernames, steals cookies, and adds false overlays to apps to deceive users.
In July 2022, SOVA added several other countries, such as India, to its list of targets. SOVA initially targeted the US, Russia, and Spain. In its latest version, this malware disguises itself as fake Android apps that mimic popular apps like Google, Amazon, and others to trick users into installing them.
Using this malware,the attackers are able to hack the users accounts by capturing their banking credentials, including usernames and passwords. Android smartphone users are advised to follow a list of dos and don’ts in order to protect themselves from this dangerous banking malware.
List of dos and don’ts to be safe while using Android phones
You should only download apps from trusted sources, such as Google Play Store
Make sure you download apps only from the official app stores, such as the Google Play Store on your Android operating system. The risk of downloading potentially harmful apps is reduced by 90% if you don’t check the “Untrusted Sources” checkbox when installing/side loading APK apps.
If you need to download an APK outside of Google Play Store, check the source first before downloading the app. In some cases, apps are being downloaded directly from the company website such as Dream 11.
It is always a good idea to check the ‘Additional Information’ on App Store
There is always a good reason for you to read the app’s details before downloading or installing it on your Android device (even from the Google Play Store), such as the number of downloads, user reviews and comments, and the section entitled ‘Additional Information’.
Flipkart Big Billion Days start on 23rd September. Get the best deals on phones under 15000 price range
Be sure to check what permissions the app requires before clicking OK
Ensure that the app permissions are relevant to its functionality before granting them.
You should be careful what you click on in emails, SMS, and Google searches
If in doubt, users can use search engines to find the organisation’s website to ensure the websites they visit are legitimate. Click on URLs that clearly indicate the website domain. Attackers are smart enough to create an illusion of a legitimate website but you have to be aware and cautioned. Let’s take a look at attackers behaviour using the domain Flipkart.com
Fake e-commerce sites, which look like Flipkart, may use similar-looking URLs. For example:
Or the website will have something else instead of ‘.com’, such as:
At times, a fake Flipkart website will only look similar, but the URL will be completely unrelated. For example:
Full list of Government Recommendations & Best Practices: https://www.csk.gov.in/alerts/SOVA.html