In Capsule:- Xafecopy, a new malware detected in India which steals money via mobile phone
- The malware was uncovered by Kaspersky, a leading Cyber security firm
- 40% of the target is detected in India
- It makes use of technology that bypasses Captcha systems
- “Android users need to be extremely cautious in how they download apps” Kaspersky Lab, Managing Director- South Asia, Altaf Halde said.
Xafecopy! A new Trojan has initiated high tech robbery through mobile phones, Kaspersky, a leading cyber security firm reported. The expert Investigations suggest that 40% of target of the Xafecopy malware points towards India. "Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims' mobile accounts without their knowledge," the report stated. Xafecopy Trojan is installed on victim’s mobile as one of the legitimate apps like BatterMaster and those with similar functions. Once installed, Xafecopy operates normally and injects a malicious code stealthily on to the device without the user’s knowledge. Once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing - a form of mobile payment that charges costs directly to the user's mobile phone bill. After this, the malware silently subscribes the phone to a number of services, the report said. The most interesting point is that this robbery does not require your debit/credit card registered or create a username and password. How Xafecopy Trojan steals your money? The malware makes use of some hi-tech technology to bypass 'captcha' systems. Captcha is designed to protect internet users whereby the server confirms that the user is a human being. It instructs the user to manually type some case-sensitive letters. "Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey, and Mexico," the report said. Kaspersky Lab experts have picked out traces indicating that cyber criminals are promoting other Trojans share Xafecopy code among themselves. "Our research suggests WAP billing attacks are on the rise. Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money," Kaspersky Lab Senior Malware Analyst Roman Unuchek said. “Android users need to be extremely cautious in how they download apps” Kaspersky Lab, Managing Director- South Asia, Altaf Halde said. "It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices."
