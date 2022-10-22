Delhi, October 22: With technology booming, hackers are using many types of viruses to cheat people. Phishing messages are used to download these viruses to people’s phone. Banks are now allowing their customers about one such virus, SOVA, which can stealthily encrypt an Android phone for ransom and is difficult to uninstall.

SOVA has reportedly targeted over 200 mobile banking and crypto apps. This virus is stealing the login credentials and cookies of the app. This malware was first detected in September 2021. SOVA Trojan Virus: New Mobile Banking Virus for Android Phone Prowling in Indian Cyberspace

SBI Alerts Customers About SOVA Virus:

What is SOVA Virus?

SOVA is an Android banking Trojan malware that targets banking apps to steal personal information. It adds fake layers to apps. These layers help the malware to copy the payment app. This malware was first discovered in September 2021.

The malware records the user's information when they access their account through net-banking apps and log in. Once installed, there is no way to remove this application. Hackers Reportedly Slip Malware 'Silver Sparrow' Into 30,000 Apple Macs

How Does This Malware Work?

The Sova Trojan malware is sent to users' devices via phishing SMS. The latest version of this malware hides itself within fake Android applications that show up with the logo of a few famous legitimate apps like Chrome, Amazon, NFT (non-fungible token linked to crypto currency) platform to deceive users into installing them.

In simple term, this malware gets installed in your phone through phishing SMS. After installation, this Trojan sends the details of the apps present in your phone to the hackers.

While the SOVA malware is a banking trojan, it has other harmful capabilities like keylogging, DDoS, overlay attacks, notification manipulation, and more. Security researchers have also found a rare feature in the malware which allows the SOVA malware to steal session cookies, this feature enables the malware to login into banking accounts without the username and password of the user.

The virus can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam and can perform gestures like screen click, swipe etc. using android accessibility service making it lethal.

(The above story first appeared on LatestLY on Oct 22, 2022 10:53 AM IST.