What is the SOVA Virus?

SOVA is essentially a virus capable of inserting false overlays into various apps. This enables the virus to imitate over 200 banking and payment apps. It is a mobile banking virus that only affects Android devices.

Previously, the virus was mostly found in countries such as the United States, Russia, and others. However, it has spread to a number of other countries, including India, since July 2022. The Indian cyber security agency CERT (Computer Emergency Response Team) also issued a warning that the virus had updated to its fifth version since it was discovered in Indian cyberspace.

The latest version of the virus is dangerous because it is capable of duping an average Android user. The malware conceals itself within fake Android applications that appear to be legitimate. Users are duped by legitimate-looking logos and may end up installing apps that contain malware.

The virus is spread via smishing, according to CERT-In. Smishing is the practise of scammers carrying out phishing attacks via SMS. The virus is considered dangerous because it is capable of collecting data such as keystrokes, cookies, and multi-factor authentication tokens, as well as taking screenshots and recording videos. It can also perform actions such as clicking, swiping, and so on through the Android accessibility service.

How does it work?

• The latest version of this malware, according to the advisory, hides itself within fake Android apps that appear with the logos of a few well-known legitimate apps, such as Chrome, Amazon, and the NFT (non-fungible token linked to crypto currency) platform, in order to trick users into installing them.
• This malware steals users' credentials when they log into their net banking apps and access their bank accounts. The new SOVA version appears to be aimed at over 200 mobile apps, including banking apps and cryptocurrency exchanges/wallets.
• Like most Android banking Trojans, the malware is distributed via smishing (phishing via SMS) attacks.
• To deceive Android users, it can also add false overlays to a variety of apps and "mimic" over 200 banking and payment apps.
• The virus's refactoring of its "protections" module, which is designed to protect itself from various victim actions, is another distinguishing feature. For example, if the user tries to uninstall the malware from the settings or by pressing the icon, SOVA can intercept and prevent these actions by returning to the home screen and displaying a toast (small popup) that says, "This app is secured," according to the company.

How to keep money safe from SOVA and other mobile malware?

• Download apps only from reputable and official app stores such as the Google Play Store, the app store of your device's manufacturer, or the app store of your operating system.
• Users should always look over the app's details, download count, user reviews, comments, and additional information section.
• App permissions should also be verified and granted only if they are relevant to the app's purpose.
• Don't let Android updates and security patches pass you by.
• Do not click on unsolicited or untrusted websites or links sent via SMS.
• Keep an eye out for unusual phone numbers.

The Indian Computer Emergency Response Team, or CERT-In, is the federal technology arm that combats cyber attacks and protects the Internet from phishing and hacking attacks, among other online threats.