
Explained: New Android Trojan Virus and How It Targets Indian Users


The SOVA Trojan is a virus that can hold Android devices for ransom by secretly encrypting them, rendering the user powerless. India’s Computer Emergency Response Team (CERT-In) recently reported that a new mobile banking malware campaign using the SOVA Android Trojan is targeting the country’s banking customers. The first version of this malware was discovered on sale in the “underground market” in September 2021.
The earliest version of the malware was capable of recording usernames and passwords (via keylogging), stealing cookies and adding fake overlays to various apps. The malware has since been upgraded to its fifth version and can do more than that. Initially, SOVA focused on users in countries such as the USA, Russia and Spain. In July 2022, it added many other countries (including India) to its target list.

SOVA Trojan Android: How It Works
The latest version of the malware hides inside fake Android apps bearing the logos of authentic apps such as Google Chrome, Amazon, NFT and other platforms, to trick users into installing them. Whenever a victim logs into their net banking application or accesses their bank account from a compromised device, the malware can steal the user's credentials without notifying them. The latest version of SOVA is said to target over 200 mobile apps, including banking apps and crypto exchanges/wallets.
Like most Android banking Trojans, this malware is mainly distributed through SMS phishing campaigns (also known as smishing attacks). Whenever a user installs one of these fake Android apps, the malware sends a list of the apps already on the device to a command and control (C2) server managed by the cybercriminals. This list helps the attackers identify applications that can be targeted.
The C2 server then sends back to the malware a list of addresses for each targeted application, and the malware stores this information inside an XML file. The targeted applications are then managed through commands exchanged between the malware and the C2 server. The malware's capabilities include keystroke collection, cookie theft, blocking MFA tokens, taking screenshots, recording videos and mimicking over 200 banking/payment apps, among others.
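Because the fake apps borrow the names and logos of well-known apps, a device app inventory can be checked for that mismatch. The following is an added example, not part of the original article or any CERT-In tooling: the inventory records are constructed, and the brand allow-list and trusted installer are assumptions of the example.

```python
import unicodedata

# Assumed allow-list: brand keyword -> package names the brand really ships.
KNOWN_APPS = {
    "chrome": {"com.android.chrome"},
    "amazon": {"com.amazon.mShop.android.shopping"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def normalise(label):
    """Fold Unicode compatibility forms and case, keep letters and digits only."""
    folded = unicodedata.normalize("NFKC", label).lower()
    return "".join(ch for ch in folded if ch.isalnum())

def audit(inventory):
    """Return (package, brand, reasons) for apps that use a brand name but
    do not match the brand's package or a trusted install source."""
    findings = []
    for app in inventory:
        label = normalise(app["label"])
        for brand, expected in KNOWN_APPS.items():
            if brand not in label:
                continue
            reasons = []
            if app["package"] not in expected:
                reasons.append("package does not match brand")
            if app.get("installer") not in TRUSTED_INSTALLERS:
                reasons.append("not installed from a trusted store")
            if reasons:
                findings.append((app["package"], brand, reasons))
    return findings

# Constructed sample inventory (for example, an MDM export); installer is
# None for a sideloaded app, such as one installed from a link in an SMS.
SAMPLE_INVENTORY = [
    {"label": "Chrome", "package": "com.android.chrome",
     "installer": "com.android.vending"},
    {"label": "Google Chrome", "package": "com.example.updater",
     "installer": None},
    # Full-width letters spelling "Amazon", folded to ASCII by NFKC.
    {"label": "\uff21\uff4d\uff41\uff5a\uff4f\uff4e Shopping",
     "package": "com.example.shop", "installer": "com.android.vending"},
    {"label": "Calculator", "package": "com.example.calc", "installer": None},
]

if __name__ == "__main__":
    for package, brand, reasons in audit(SAMPLE_INVENTORY):
        print(f"{package}: claims to be '{brand}': {'; '.join(reasons)}")
```

Findings are leads for review rather than verdicts: a brand's other legitimate apps will also be flagged until their package names are added to the allow-list.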
How malware has evolved over time
As mentioned above, the makers of the Android SOVA trojan have upgraded the malware to a fifth version that is capable of encrypting all the data on an Android device and holding it for ransom.

The latest version of SOVA can also protect itself from various user actions. For example, if a victim tries to uninstall the malware from settings or by pressing and holding its icon, the malware blocks these actions and returns the user to the home screen to prevent them from deleting it. When the user tries to uninstall it, the malware also shows a pop-up message that says “This app is secure”.




