Customers are being warned by banks like SBI, PNB, and Canara Bank about SOVA VIRUS


According to the SBI tweet, SOVA is an Android banking trojan malware that targets banking apps to steal personal information.

This malware captures the credentials when users log into their net-banking apps and access bank accounts.

According to the PNB website note on SOVA Trojan, “the malware is distributed via smishing (phishing via SMS) attacks, like most Android banking Trojans.

Once the fake android application is installed on the phone, it sends the list of all applications installed on the device to the C2 (Command and Control server) controlled by the threat actor in order to obtain the list of targeted applications.

At this point, the C2 sends back to the malware the list of addresses for each targeted application and stores this information inside an XML file.

What is the malware capable of performing?

The malware is capable to perform the following functions, according to the PNB website: collect keystrokes steal cookies intercept multi-factor authentication (MFA) tokens take screenshots and record video from a webcam perform gestures like screen click, swipe etc. using android accessibility service copy/paste ·adding false overlays to a range of apps ·mimic over 200 banking and payment applications

Canara Bank also warned its customers about SOVA Android Trojan, and asked its customers to report to or in case of any incidents.

Other stories

Best apps for power lifters

Learn how to do a squat correctly

Top 5 muscle building apps