Indian banking customers are being targeted by a new type of mobile banking malware campaign that uses the SOVA Android Trojan, the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, said in its latest report. SOVA earlier focused on countries such as the USA, Russia, and Spain; since July 2022 it has included India, along with several other countries, in its list of targets, the agency said. The latest version of this malware hides itself within fake Android apps that display the logos of a few famous legitimate apps, such as Chrome, Amazon, and an NFT platform, to deceive users into installing them.
The new version of the SOVA malware targets more than 200 mobile applications, including banking apps and crypto exchanges/wallets. The malware captures credentials when users log in to their net banking apps and access their bank accounts. "As per the reports, the malware is distributed via smishing (phishing via SMS) attacks, like most Android banking Trojans. Once the fake Android application is installed on the phone, it sends the list of all applications installed on the device to the C2 (command and control server) controlled by the threat actor in order to obtain the list of targeted applications," CERT-In said.
It further added, "At this point, the C2 sends back to the malware the list of addresses for each targeted application and stores this information inside an XML file. These targeted applications are then managed through the communications between the malware and the C2."
The malware's list of functions includes the ability to collect keystrokes, steal cookies, intercept multi-factor authentication (MFA) tokens, take screenshots and record video from