Many Indian banks have alerted their customers about a new type of mobile banking malware campaign using the SOVA Android Trojan. The banks have requested customers to download apps only from the official app stores.
The malware is distributed through smishing attacks. The malware captures the credentials when users log onto their net-banking apps and access bank accounts. This new version is said to be targeting over 200 mobile apps such as financial apps and crypto wallets.
The malware can collect keystrokes, steal cookies, intercept multi-factor authentication tokens, and take screenshots or record videos from webcams. It is also capable of encrypting all data on an android phone and holding it to ransom.
How to avoid a malware attack?
1. Do not use third-party websites to download apps
2. Regularly update Android devices
3. Do not visit untrusted websites
4. Do not click suspicious links sent via email or SMS messages
5. Download apps only from official app stores
6. Review app details before downloading
7. Check the number of downloads, user reviews, comments, and additional information
8. Look for suspicious mobile numbers
9. SMS messages from banks usually have a sender id that consists of the bank’s short name instead of a phone number
10. Report the concerned bank upon spotting an unusual activity
