Banks alert on SOVA Trojan
The high adoption of digital banking is at high risk with the emergence of a sophisticated Trojan, SOVA, which is now targeting payment and banking apps on Android devices in India. Sova is the Russian word for owl.
Last year, in September, SOVA appeared on the dark web or underground markets with capabilities to harvest usernames and passwords through keylogging, steal cookies and place false overlays on several apps installed on mobile devices. Ransomware attacks on mobiles would be catastrophic for every user.
Recent days have seen Indian mobile banking app users being hit by malware like Oscorp, Brata, SOVA, etc. that defraud victims through remote access control, collecting keystrokes, or stealing cookies from devices. Many of these malware families also seize multi-factor authentication tokens.
Furthermore, this malware can capture screenshots and record videos from the device's camera without the permission of the users. One of the Android Trojans recently highlighted is the SOVA malware, which has harmful capabilities like keylogging, overlay attacks, screenshot capturing and abuse of accessibility permissions. Mostly, it is sideloaded from phishing links sent to users over e-mail, SMS or WhatsApp.
India's computer emergency response team (CERT-In) also issued a warning about the SOVA Android Trojan. SOVA was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.
The v4 release of this malware hides itself within fake Android applications that show up with the logos of a few famous legitimate apps like Chrome, Amazon, and a non-fungible token (NFT) platform to deceive users into installing them.
The banking industry is undergoing massive digital disruption with mobile apps and e-payments becoming the norm. India had 1.2 billion mobile subscribers in 2021, of which around 750 million were smartphone users. India is going to have 1 billion smartphone users by 2026, says a Deloitte report. For most people, mobile is becoming the preferred option, whether it is food ordering, ticketing, entertainment, payments, or funds transfer.
With the updated version, SOVA has the capability to encrypt all data on an Android phone and hold it to ransom. Another key feature of SOVA is the refactoring of its "protections" module, which aims to protect the malware from various victim actions. These attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in large-scale attacks and financial fraud, according to PNB officials.