What is Sova virus? All you need to know about the new mobile banking virus

The new mobile banking ‘Trojan’ virus — SOVA — which can stealthily encrypt an Android phone for ransom and is hard to uninstall is targeting Indian customers.

SOVA was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets.

India’s federal cyber security agency issued an advisory saying that the virus has upgraded to its fifth version after it was first detected in the Indian cyberspace in July.

“It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using SOVA Android Trojan. The first version of this malware appeared for sale in underground markets in September 2021 with the ability to harvest user names and passwords via key logging, stealing cookies and adding false overlays to a range of apps,” the advisory said.

Here’s all you need to know about the SOVA virus

SOVA can add false overlays to a range of apps and “mimic” over 200 banking and payment applications in order to con the Android user

The latest version of this malware hides itself within fake Android applications that show up with the logo of a few famous legitimate apps like Chrome, Amazon, NFT (non-fungible token linked to crypto currency) platform to deceive users into installing them.