2017 has witnessed numerous ransomware and malware attacks. The new Xafecopy Trojan, which steals money from mobile phone users, was recently detected by Russia-based internet security firm Kaspersky. What's alarming is that 40 per cent of the malware's targets have been in India.
The Xafecopy Trojan is categorised as malware because it gets sideloaded along with other useful apps and then loads malicious code onto the device.
The major entry point for any malware or ransomware is the installation of unverified apps from unknown sources. While the default setting of most smartphones restricts installing any app from an unknown source, the setting can easily be changed by the user.
Once an unverified app infected with the Xafecopy Trojan or any other malware is installed and activated on the mobile phone, the malware spreads into the root files of the smartphone and operates discreetly.
The Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing, a form of mobile payment that requires no credit/debit card information or CAPTCHA for security. The cost of purchases made through WAP billing is charged directly to the user's bill.
How to identify if your device is affected
Because the malware works through WAP billing, it requires a mobile data connection to operate and, therefore, the Trojan malware automatically disables the wireless connection. If you notice that your smartphone turns off the wireless connection randomly, get your phone checked.
Also check your monthly bill for details. If you see any service activated other than the ones you know of, get in touch with your telecom operator and seek information on it. Get the service cancelled and identify the app that raised the request to activate that service.
Run a background check of all the apps using Google Play Protect to understand if all the apps are safe. If the phone fails to respond while scanning an app, or if the list of apps shows fewer apps than you have installed, look at the apps that do not feature in the Google Play app list and uninstall them at the earliest.
How to protect devices against such threats
Prohibit the installation of apps from unknown sources. This type of Trojan can be distributed through advertisements, and with this prohibition in place, you simply will not be allowed to install them.
Install a reliable mobile security anti-virus and internet security app that keeps a check on app activity.
Most telecom operators provide the option to disable WAP billing from the backend. Get the service suspended by getting in touch with your telecom operator.