Sova virus in India

CERT-In has issued an advisory on the SOVA virus, a novel mobile banking Trojan that is currently targeting Indian customers.

Key features

  • The Sova virus is capable of stealthily encrypting an Android phone for ransom.
  • It can add false overlays to a range of apps and mimic over 200 banking and payment applications to con Android users.
  • The latest version can hide itself within fake Android applications that show up with the logo of a few famous apps like Chrome, Amazon, NFT platform etc., to deceive users into installing them.
  • This malware is distributed through smishing (phishing via SMS) attacks like most Android banking Trojans.
  • After the fake Android application is installed, it sends the list of all applications installed on the device to the threat actor's command and control (C2) server in order to obtain the targeted applications.
  • Then, the C2 sends back to the malware the list of addresses for each targeted application, and this information is stored inside an XML file.
  • These targeted applications are then managed through the communication between the malware and the C2.
  • It is capable of collecting keystrokes, stealing cookies, intercepting multi-factor authentication tokens, taking screenshots, recording video from a webcam and performing gestures like screen click, swipe etc., using the Android accessibility service.
  • It is also capable of intercepting actions that seek to uninstall the malware, whether from the settings or by pressing the icon.
  • It is a major threat to privacy and security of sensitive customer data and can cause large-scale financial frauds and cyberattacks.
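
A defender-side triage of the traits listed above, as an added example that is not part of the CERT-In advisory or the original page: it flags apps whose label borrows a well-known brand under a different package name and that also declare an accessibility service or were not installed from Google Play. The inventory, the allow-list and the names `App`, `impersonated_brand`, `triage` and `SAMPLE_INVENTORY` are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Real Android identifiers: the permission an accessibility service must
# require, and the installer package name of the Google Play Store.
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
PLAY_STORE = "com.android.vending"

# Assumed allow-list: brand keyword -> genuine package names. Extend it locally.
KNOWN_BRANDS = {
    "chrome": {"com.android.chrome"},
    "amazon": {"com.amazon.mShop.android.shopping"},
}

@dataclass
class App:  # hypothetical inventory record, e.g. exported from an MDM
    label: str
    package: str
    installer: str
    service_permissions: list = field(default_factory=list)

def impersonated_brand(app):
    """Return the brand whose name the label borrows under a foreign package."""
    for brand, genuine in KNOWN_BRANDS.items():
        if brand in app.label.lower() and app.package not in genuine:
            return brand
    return None

def triage(apps):
    """Map package -> reasons for apps that imitate a brand and show another trait."""
    findings = {}
    for app in apps:
        brand = impersonated_brand(app)
        if brand is None:
            continue  # accessibility tools and sideloads alone are not flagged
        reasons = [f"label imitates '{brand}' but package is {app.package}"]
        if ACCESSIBILITY_PERMISSION in app.service_permissions:
            reasons.append("declares an accessibility service")
        if app.installer != PLAY_STORE:
            reasons.append("not installed from Google Play")
        if len(reasons) > 1:
            findings[app.package] = reasons
    return findings

# Constructed sample inventory (not real device data).
SAMPLE_INVENTORY = [
    App("Chrome", "com.android.chrome", PLAY_STORE),
    App("Chrome", "com.example.fakeupdate", "", [ACCESSIBILITY_PERMISSION]),
    App("Screen Reader", "com.example.reader", PLAY_STORE, [ACCESSIBILITY_PERMISSION]),
    App("Amazon Shopping", "com.amazon.mShop.android.shopping", PLAY_STORE),
]
```

Calling `triage(SAMPLE_INVENTORY)` returns only the constructed fake "Chrome" entry, with all three reasons attached; the genuine apps and the legitimate accessibility tool are left alone.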


The Indian Computer Emergency Response Team or CERT-In is a nodal agency of the Indian Government involved in addressing cyber security threats like hacking and phishing. It comes under the aegis of the Ministry of Electronics and Information Technology.



