Around 40% of the targets of new malware Xafecopy Trojan which steals money through people’s mobile phones have been detected in India, according to cyber security firm Kaspersky.
Xafecopy Trojan is concealed as useful apps like Battery Master and operates casually coding malicious code into device. The user’s money is then stolen by charging costs directly to their phone bill.
Xafecopy has been found, using Java script file names, which was previously used by disreputable Ztorg Trojan triggering a possibility of code sharing between cyber criminal gangs.
Kaspersky Lab experts have disclosed a mobile malware targeting the WAP billing payment method, stealing money through victim’s mobile accounts without their knowledge- report stated.
When the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing, a form of mobile payment that charges costs directly to the user’s mobile phone bill. After this the malware silently subscribes the phone to a number of services, the report said.
There is no need to register a debit or credit card or set up a user name or password.
The malware uses technology to detour ‘captcha’ systems engineered to rescue users by confirming the action is being performed by a human. In the captcha system, websites show a set of some letter or numbers which are required to be manually filled by the user. – The report said.
Kaspersky Lab experts have found traces showing that cyber criminals gang disseminating other trojans are sharing malware code among themselves.
Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular.
The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money – Kaspersky Lab Senior Malware Analyst Roman Unuchek said.
“Android users need to be extremely cautious in how they download apps,” Kaspersky Lab, Managing Director- South Asia, Altaf Halde said.
Modified versions of Xafecopy were also spotted. Here the malware is capable of sending SMS from the device to premium-rate phone numbers and to delete incoming SMS from the mobile network provider hiding alerts about balance deduction by reading incoming messages and checking for words like subscription.
The malware has the ability to switch a user from Wi-Fi connection to mobile data. This is because WAP billing works only when the user is connected to a mobile connection.
“It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.”