There’s a fresh alert for all Android users to beware of and this has to be one of the most serious threats to date. Security experts are warning of a new threat that’s spreading quickly across the globe which uses fake versions of trusted apps, such as Google’s Chrome and Amazon, to install vicious SOVA malware onto devices.
What makes this new attack so scary is that hackers can use the bug to send and steal two-factor authentication (2FA) codes allowing them full access to a victim’s Gmail, GPay and Google Password Manager accounts.
There have even been reports of this threat spreading to other online platforms such as banking apps and online shopping services. If you weren’t already aware, 2FA codes are used to make sure only the real owner of an account is logging into a service. When signing into a secure platform a code is requested with users then entering the digits to get access to their online accounts.
It’s super secure. However, SOVA allows the hackers to overlay a fake display on a phone’s screen which then allows them to monitor user names and passwords and steal the codes.
According to the team at Cleafy, anyone who manages to download SOVA by mistake is at high risk of having their details stolen.
SOVA was actually first discovered late last year but since then new versions have evolved which are far more sophisticated.
It’s also now been found in more areas of the world with Cleafy saying they have recently spotted it growing in areas including the UK, USA, Italy, Spain and Germany.
To avoid this malware, users are being urged to stick to apps from well-known developers and only download software from official marketplaces such as the Google Play Store.
It’s also a good idea to avoid downloading anything sent via text message or social media as this is how hackers can spread SOVA to more users.
This bug is really something that you want to avoid with experts warning that, once installed, it’s almost impossible to get rid of.
“If you suspect that your device has become infected by the Trojan, or has been locked up with the SOVA ransomware module, it is recommended that you seek professional advice,” said Ray Walsh, Digital Privacy Expert at ProPrivacy.
“A factory reset may rectify the issue of infection, however, it is not a guarantee of malware removal and comes at the cost of losing data that the ransomware has encrypted.”