The Indian government’s nodal cybersecurity agency Cert-In recently warned against SOVA Android trojan targeting banking users in India. The banking trojan steals usernames and passwords via keylogging, stealing cookies and adding false overlays to a range of apps to deceive users. SOVA was earlier focusing on countries like the US, Russia and Spain, but in July 2022 it added several other countries, including India, to its list of targets. The latest version of this malware hides itself within fake Android apps that show up with the logo of popular apps like Chrome, Amazon and others to deceive users into installing them. This malware captures the banking credentials including user names and passwords when users log into banking apps and hack their accounts. The government has shared a list of dos and don’t that can help Android smartphone users to protect themselves from this dangerous banking malware.
Download apps only from Google Play Store
Always download apps only from official app stores such as your device’s manufacturer or operating system app store. This reduces your risk of downloading potentially harmful apps by as much as 90%. Never check on “Untrusted Sources” checkbox to install/side load APK apps.
Always check ‘Additional Information’ section
Prior to downloading/installing apps any apps on your Android devices (even from Google Play Store) always read the app’s details, including the number of downloads, user reviews, comments and the ‘Additional Information’ section.
Check what permissions the app you download is asking for
Always check the app permissions and grant only those permissions which have relevant context for the app’s functioning.
Never miss Android security patches/updates
Make sure you do not miss on Android updates and patches as and when available from Android device vendors. Do not browse un-trusted websites or follow un-trusted links and exercise caution while clicking on the link provided in any unsolicited emails and SMS.
Look for suspicious numbers
Be on the look for suspicious numbers that do not look like real mobile phone numbers. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
Know if the SMS from the bank is genuine
Genuine SMS messages received from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in the sender information field. Do extensive research before clicking on the link provided in the message. There are many websites that allow anyone to run a search based on a phone number and see any relatable information about whether or not a number is legit.
Be sure of what you click on in email, SMS or on Google
Be very sure of clicking on any URL. Be it in SMS, email or on Google. Click on URLs that clearly indicate the website domain. When in doubt, individuals can search for the organisation’s website directly using search engines to ensure that the websites they visit are legitimate.
Beware of those URL shorteners
Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. Government in its advisory asks individuals to hover their cursors over the shortened URLs (if possible) to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and also view the full URL. It further asks individuals to use the shortening service preview feature to see a preview of the full URL.
Check encryption certificates
Check that the encryption certificate is valid by checking for the green lock in the browser’s address bar, before providing any kind of sensitive information such as personal particulars or account login information.
Report any unusual activity you see to your bank
Banking customers are advised to report any unusual activity in their account immediately to the respective banks with the appropriate details for taking even more proper activities.