You are here: Home » Technology » News » Mobiles & Tablets
Business Standard

Beware! New malware Xafecopy Trojan is stealing money through your phone

Around 40 per cent of target of the malware has been detected in India

Press Trust of India  |  New Delhi 

Xafecopy Trojan
Around 40% of target of the malware has been detected in India

A new has been detected in which steals money through victims' mobile phones, firm said in a report.

Around 40 per cent of target of the has been detected in


"Lab experts have uncovered a mobile targeting the billing method, stealing money through victims' mobile accounts without their knowledge," the report said.

is disguised as useful apps like BatteryMaster and operates normally. The secretly loads malicious code onto the device.

Once the app is activated, the Xafecopy clicks on web pages with Wireless Application Protocol (WAP) billing - a form of mobile that charges costs directly to the user's mo bile bill. After this the silently subscribes the to a number of services, the report said.

The process also does not require user to register a debit or or set up a user-name and password.

The uses to bypass 'captcha' systems designed to protect users by confirming the action is being performed by a human. In the captcha system, websites show a set of some letter or numbers which are required to be manually filled by the user.

"Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Lab products targeting India, followed by Russia, Turkey and Mexico," the report said.

Experts at Lab have found traces showing that cyber criminals gang promulgating other are sharing code among themselves.

"Our research suggests billing attacks are on the rise. Xafecopy's attacks targeted countries where this method is popular. The has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money," Lab Senior Analyst Roman Unuchek said.

Lab, Managing Director- South Asia, Altaf Halde said that users need to be extremely cautious in how they download apps.

"It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, users should be running a mobile security suite on their devices.

First Published: Mon, September 11 2017. 11:15 IST
RECOMMENDED FOR YOU
RECOMMENDED FOR YOU