Tech News: New mobile banking virus is spreading, Know more about it...


A new mobile banking virus is spreading in the country's cyber sector. This mobile banking trojan virus targeting customers..SOVA…is a ransomware that can damage the files of Android phones and ultimately make the concerned person a victim of financial fraud. Once in mobile, it is also very difficult to remove it. The country's cyber security agency has said this in its latest advisory.


This virus was first detected in the Indian cyber sector in July. Since then its fifth generation has come. CERT-In (Indian Computer Emergency Response Team) said, "The Institute has been informed that Indian Bank customers are being targeted by the new Sova Android Trojan. Mobile banking is being targeted in this. The first version of this malware secretly came for sale in the markets in September 2021. It is capable of stealing names and passwords, cookies, and affecting apps through logging in."

Said that this malware was earlier more active in countries like America, Russia and Spain, but in July 2022 it started targeting many other countries including India.

According to this, the new version of this malware disguises itself with fake Android applications to deceive the users. After that it appears with the 'logo' of popular legitimate apps like Chrome, Amazon, NFT (Crypto Currency Linked Token). This happens in such a way that people do not even know about 'installing' these apps.

CERT-In is the central technology unit to deal with cyber attacks. It aims to protect the Internet sector from 'phishing' (fraudulent activities) and 'hacking' and online malware virus attacks.

The agency said that the malware, like most Android banking Trojans, is distributed with the intention of fraudulently through 'smishing' i.e. SMS in the name of major companies.

"Once the fake Android application is installed on the phone, it sends the information of all the applications installed on the mobile to C2 (Command and Control Server) to get the list of targeted applications," the advisory said. This server is controlled by those who want to receive information about the targeted application.

The dangerousness of the virus can be gauged from the fact that it can collect keystrokes (keystrokes used for programming purposes to respond to the user pressing a particular 'key'), various methods of verification. Can detect factors (MFA), take screenshots and record video from webcam.


It can also affect apps and 'mimic' more than 200 banking and payment applications to defraud Android users.

As per the consultation, it is learned that the makers have recently made its 5th generation since its inception. This version has the potential to obtain all data on Android phones and use it with intent to misuse.

This virus can effectively endanger the privacy and security of sensitive customer information and result in large-scale 'attacks' and financial fraud.

Tips to prevent this by the agency
Under this, users should download the app from the official app store itself. This includes the app stores of the device manufacturer or 'operating system'. They should always review about the app. User experiences, comments should also be taken into account. Also, keep updating Android regularly and don't blindly rely on 'links' received through e-mail or SMS.

From around the web