Advice on government matters. Here’s how to protect your Android device

Delhi: A new mobile banking ‘Trojan’ virus – SOVA – that can stealthily encrypt an Android phone for ransom and is difficult to uninstall is targeting Indian customers, the country’s federal cybersecurity agency said in its latest advisory. The virus has advanced to its fifth version after it was first detected in Indian cyberspace in July, he said.Also Read – Bank Customer Alert: SBI Waives SMS Fees on Mobile Money Transfers. Here’s how to use

“It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using the Android Trojan SOVA. The first version of this malware appeared for sale in the underground markets in September 2021 with the ability to harvest usernames and passwords via keylogging, steal cookies and add fake overlays to a range of applications,” the notice reads. Also Read – Beware of this New Mobile Banking Virus Targeting Indians. Details here

SOVA, he said, previously focused on countries like the United States, Russia and Spain, but in July 2022 added several other countries, including India, to its list of targets. . Also Read – Android Phones Are Likely To Get Call Ease Even Without Network | Details inside


  • The latest version of this malware, according to the advisory, hides in fake Android apps that appear with the logo of some famous legit apps like Chrome, Amazon, NFT (non-fungible cryptocurrency-related token) platform for trick users into installing them.
  • This malware captures credentials when users log into their online banking applications and access bank accounts. The new version of SOVA appears to target over 200 mobile apps, including banking apps and crypto exchanges/wallets.
  • The agency said the malware is distributed via smishing (phishing SMS) attacks, like most Android banking Trojans.
  • The lethality of the virus can be gauged from the fact that it can collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from a webcam and can perform gestures such as tapping the screen, swiping, etc. android accessibility service.
  • It can also add fake overlays to a range of apps and “imitate” more than 200 banking and payment apps in order to scam the Android user.
  • Another key feature of the virus is the refactoring of its “protections” module, which aims to protect itself from the various actions of victims. For example, he says, if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA is able to intercept these actions and prevent them by returning to the home screen. and displaying a toast (small popup) displaying “This application is secure”.


  1. Download apps only from trusted and official app stores such as Play Store or the app store of the device manufacturer or operating system.
  2. Users should always check the app details, number of downloads, user reviews, comments and additional information section.
  3. It’s also worth checking the app’s permissions and granting only those that have context relevant to the app’s purpose.
  4. Don’t miss Android updates and security patches.
  5. Do not click on unsolicited or untrustworthy websites and links that are often sent via text message.
  6. Watch for suspicious numbers.

India’s Computer Emergency Response Team or CERT-In is the federal technology branch to combat cyber attacks and protects the internet space from phishing and hacking attacks and similar online attacks.

(With PTI inputs)