A new mobile malware Xafecopy Trojan has been detected in India, Kaspersky said in a report. It steals money from victim’s mobile phones via Wireless Application Protocol (WAP) billing payment method. Victim’s mobile currency is used without his knowledge.
Around 40 % audience of this malware has been detected in India. Xafecopy Trojan is disguised as useful apps like BatteryMaster and operates as a normal app but secretly loads malicious code onto the device. Once the app is run, the Xafecopy malware clicks on web pages with WAP billing, it is a form of mobile payment which charges directly to the users mobile phone bill. Later, the malware silently to subscribes the victim’s phone to n number of services with the intention of stealing money. This method of payment doesn’t require any debit or credit card details and is also not password protected. Hence, the crime committed by cyber criminals is like being done in a shadow without a slightest knowledge to the victim.
There is only one captcha verification (letters and numbers to be entered same as in the image) to be undergone during this transaction. The malware smartly bypasses this captcha systems with smart softwares in order to portray itself as a human action. The report said, ”this malware has hit 4,800 users in 47 countries in a duration of just 1 month, with 37.5 % of attacks detected and blocked by Kaspersky Lab mobile protection products targeting India, followed by Turkey, Russia and Mexico.”
Xafecopy attacks targeted countries where WAP billing payment methods are popular. The variations of this malware also has the ability to text message from your mobile device to premium-rate phone numbers and to delete incoming text messages to hide alerts from mobile phone network operators about the stolen money. It is also found that cyber criminal gangs are sharing the malware code among themselves with an intention to spread it more and steal more money.
Android Users should be extremely cautious and take following measures with utmost care:
- Do not download 3rd party apps randomly.
- Before downloading any app, learn about its authenticity.
- Keep an eye on your mobile currency balance.
- Do not download any unnecessary extra apps on your Android device.
- On receiving apk links from random sources, never click them for app download.
- Use a good cyber security utility for your mobile, to keep your data secure.
Prevention is better than cure. Hence, always be aware and careful about the malwares which are common these days for any electronic devices. Logix Infosecurity provides cyber security measures to avoid damages caused by latest cyber attacks.