Banks including SBI, PNB and Canara Bank are warning customers about SOVA, a malware that can attack your valuable assets. According to a State Bank of India tweet, “Don’t let malware steal your valuable assets. Always download trusted apps from trusted sources.”

What is SOVA?

According to SBI’s tweet, SOVA is an Android banking Trojan malware that targets banking apps to steal personal information. This malware captures the credentials when users log into their net-banking app and access bank accounts. Once installed, it is impossible to uninstall.

How does SOVA Android Trojan work?

As the PNB website notes on the SOVA Trojan, “The malware is distributed through smishing (phishing via SMS) attacks, like most Android banking Trojans. Once a fake Android application is installed on a phone, it sends the list of all applications installed on the device to the C2 (Command and Control Server) controlled by the threat actor to obtain the list of targeted applications. At this point, the C2 sends the list of addresses of each targeted application back to the malware and stores this information inside an XML file. These targeted applications are then managed through communication between the malware and the C2.”

What is the malware capable of doing?

According to the PNB website, the malware is capable of doing the following:

  • Collect keystrokes
  • Steal cookies
  • Intercept Multi-Factor Authentication (MFA) tokens
  • Take screenshots and record video with the webcam
  • Make gestures like screen click, swipe, etc. using the Android Accessibility Service
  • Copy and paste
  • Add false overlays to a range of apps
  • Mimic over 200 banking and payment applications

SOVA upgrade

“It turns out that the makers of SOVA recently upgraded it to its fifth version since its inception, and this version has the ability to encrypt all data on an Android phone and hold it for ransom. Another key feature of SOVA is the refactoring of its “Security” module, which aims to protect itself from the actions of various victims. For example, if the user tries to uninstall the malware from the settings or presses the icon, SOVA is able to try and prevent these actions (via abusing accessibility) by returning to the home screen and showing a toast (small popup) displaying “This app is secure”. These attack campaigns on sensitive customer data can effectively jeopardize the privacy and security of the Bank and result in large-scale attacks and financial frauds,” says PNB.

Canara Bank warned its customers about the SOVA Android Trojan, and asked its customers to report any incidents to [email protected] or [email protected].

Best practices and recommendations as per PNB:

  • Minimize the risk of downloading potentially harmful apps by limiting your download sources to official app stores such as your device’s manufacturer or operating system app store.
  • Before downloading/installing apps on Android devices (even from Google Play Store):
      • Always review the app description, number of downloads, user reviews, comments and the “Additional Information” section.
      • Verify app permissions and only grant permissions that have context relevant to the purpose of the app.
  • Do not check the “Untrusted sources” checkbox to install side-loaded apps.
  • Install Android updates and patches when available from Android device vendors.
  • Do not browse untrusted websites or follow untrusted links and exercise caution while clicking on the links provided in any unsolicited emails and SMS.
  • Install and maintain updated anti-virus and antispyware software.
  • Look for suspicious numbers that don’t look like real mobile phone numbers. Scammers often hide their identity by using email-to-text services to avoid revealing their real phone number. Genuine SMS messages received from banks usually contain the sender ID (includes the bank’s abbreviation) instead of the phone number in the sender information field.
  • Do thorough research before clicking on the link in the message. There are a number of websites that allow anyone to run a search based on a phone number and see any related information about whether a number is valid or not.
  • Only click on URLs that clearly point to the website domain. When in doubt, users can directly search the organization’s website using a search engine to ensure that the websites they have visited are legitimate.
  • Consider using Safe Browsing tools, filtering tools (antivirus and content based filtering) in your antivirus, firewall and filtering services.
  • Be careful with short URLs, such as those containing bit.ly and tinyurl. Users are advised to hover their cursor over the shortened URL (if possible) to see the full domain of the website they are visiting, or to use a URL checker which allows the user to enter a shortened URL and view the full URL. Users can also use the shortening service’s preview feature to preview the entire URL.
  • Before providing any sensitive information such as personal details or account login details, check for a valid encryption certificate by checking the green lock in the browser’s address bar.
  • The customer should immediately report any abnormal activity in his account along with relevant details to the Bank so that appropriate further action can be taken.
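Several of the SMS checks above (sender ID instead of a phone number or email address, links that clearly point to the bank's domain, caution with bit.ly and tinyurl links) can be applied mechanically when triaging reported messages. The following is an added example, not from PNB or any bank: the allowlisted domain `bank.example`, the sender strings and the three messages are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}   # the two services named in the advice
BANK_DOMAINS = {"bank.example"}          # assumption: placeholder allowlist
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def sender_flags(sender):
    """Flag senders that are email addresses or full phone numbers."""
    s = sender.strip()
    if "@" in s:
        return ["sender is an email address (email-to-text service)"]
    digits = re.sub(r"\D", "", s)
    if re.fullmatch(r"\+?[\d\s-]+", s) and len(digits) >= 10:
        return ["sender is a phone number, not a bank sender ID"]
    return []

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def link_flags(text):
    """Flag shortened links and links whose host is not under a bank domain."""
    flags = []
    for url in URL_RE.findall(text):
        host = host_of(url.rstrip(".,);"))
        if host in SHORTENERS:
            flags.append(f"shortened link hides destination: {host}")
        elif not any(host == d or host.endswith("." + d) for d in BANK_DOMAINS):
            # Catches look-alikes where the bank name is only a subdomain label.
            flags.append(f"link host is not the bank's domain: {host}")
    return flags

def triage(sender, text):
    return sender_flags(sender) + link_flags(text)

SAMPLES = [  # constructed messages
    ("AD-EXBANK", "Your statement is ready at https://www.bank.example/statements"),
    ("+91 98765 43210", "KYC expired, update now: https://bit.ly/xxxx"),
    ("alerts@mail.example",
     "Install security app: http://bank.example.update-app.example/a.apk"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", triage(sender, text) or "no flags")
```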
