The Indian Computer Emergency Response Team (CERT-In) said that Indian banking customers were being targeted by a new type of mobile banking malware campaign called SOVA Android Trojan.
In an advisory issued on September 10, CERT-In, which is the nodal body for dealing with cybersecurity matters, said that the first version of the malware appeared for sale in underground markets in September 2021.
It can harvest usernames and passwords via keylogging, steal cookies and add false overlays to a range of apps. It also captures credentials when users log into their net banking apps and access their bank accounts.
"SOVA was earlier focusing on countries like the USA, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets," the advisory read.
The malware is hard to uninstall once it is on the device.
CERT-In notes that if a user tries to uninstall the malware, SOVA intercepts the action and blocks it by returning the user to the home screen with the message "This app is secured".
"These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in large scale attacks and financial frauds," CERT-In said.
How it works
CERT-In said that this version of the malware hides itself within fake Android applications that carry the logos of legitimate apps such as Chrome and Amazon.
"Once the fake Android application is installed on the phone, it sends the list of all applications installed on the device to the C2 (Command and Control server) controlled by the threat actor...," it said.
The C2 then sends back the addresses for the targeted applications installed on the device, and that information is stored in an XML file. "These targeted applications are then managed through communications between the malware and C2," CERT-In said.
What can it do
Collect keystrokes
Steal cookies
Intercept multi-factor authentication tokens
Take screenshots
Record video from webcam
Perform gestures
Copy/paste
To mitigate the risk of infection by such malware, CERT-In urged users to download apps only from official app stores, to review app details before downloading, to verify app permissions, and so on.
CERT-In also urged users not to browse untrusted websites or click on untrusted links. "Do extensive research before clicking on a link provided in a message," it said.
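The advice to install apps only from official stores and to review app details can be turned into a quick triage check. The following is an added example, not code from CERT-In or from the article: it parses the output of `adb shell pm list packages -3 -i` (third-party packages with their installer) and flags apps that were not installed by an official store or whose package name borrows a well-known brand without being that brand's real package. The trusted-installer set, the brand-to-package mapping and the sample output are assumptions constructed for the example.

```python
import re
from typing import Dict, List

# Installer package names treated as official app stores (assumption; add the
# device vendor's own store if it has one).
OFFICIAL_INSTALLERS = {"com.android.vending"}

# Brand keyword -> the genuine package name that is allowed to carry it
# (assumption for illustration; the article names Chrome and Amazon as brands
# whose logos the fake apps borrow).
GENUINE_PACKAGES = {
    "chrome": "com.android.chrome",
    "amazon": "com.amazon.mShop.android.shopping",
}

# One line per package as printed by `pm list packages -3 -i`.
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_pm_list(output: str) -> Dict[str, str]:
    """Map package name -> installer for each well-formed line of pm output."""
    installers: Dict[str, str] = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers


def sideloaded_packages(installers: Dict[str, str]) -> List[str]:
    """Packages with no recorded installer ('null') or a non-store installer."""
    return sorted(pkg for pkg, src in installers.items()
                  if src == "null" or src not in OFFICIAL_INSTALLERS)


def brand_lookalikes(installers: Dict[str, str]) -> List[str]:
    """Packages whose name contains a brand keyword but is not the genuine package."""
    hits = []
    for pkg in installers:
        for brand, genuine in GENUINE_PACKAGES.items():
            if brand in pkg.lower() and pkg != genuine:
                hits.append(pkg)
    return sorted(set(hits))


# Constructed sample output (not captured from a real device). The last two
# entries imitate sideloaded apps posing as a browser and a shopping app.
SAMPLE = """\
package:com.android.chrome  installer=com.android.vending
package:com.amazon.mShop.android.shopping  installer=com.android.vending
package:com.chrome.update.free  installer=null
package:com.shopping.amazon.app  installer=com.google.android.packageinstaller
"""
```

A package appearing in both lists is the combination the advisory describes: a look-alike app that did not come from the store.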
Recently, there has been an increase in attacks on financial institutions, including banks. In January, Hyderabad-based Mahesh Cooperative Bank was robbed of Rs 12 crore after cyber attackers hacked its servers. The hackers gained access through vulnerabilities in the system and, at the same time, created around seven accounts in the bank to which they transferred the money.
