According to Cyber-security firm Kaspersky, a new malware called Xafecopy Trojan has been detected in India.
The malware claims to steal money, by tapping into your mobile phones.
“Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge,” the report said.
The malware gets installed in the victim’s phone, impersonating itself as a safe application such as BatteryMaster. It loads malicious content onto the device and uses it for transactions via WAP (Wireless Application Portal) billing.
It should be mentioned that WAP is a form of mobile payment that charges costs directly to the user’s mobile phone bill.
The report said that the malware then silently subscribes to a number of services. It uses technology in order to bypass the ‘captcha’ systems – systems that are designed to confirm if the end user is a human.
The malware does not require the user to assist it by setting any passwords or by using credit or debit cards.
Xafecopy’s Major Victim
Around 40 per cent of targets of the malware have been detected in India.
“Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico,” the report said.
WAP: Not the Only Method For Internet Theft
According to experts at the Kaspersky Lab, cyber-criminals who created this Trojan are sharing the malware’s code among themselves.
They further added that attacks through WAP are on the rise but these are not the only methods used.
“The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money,” Kaspersky Lab Senior Malware Analyst Roman Unuchek said.
Kaspersky Lab Managing Director Warns Android Users
The managing director of Kaspersky Lab, South Asia, Altaf Halde warned Android users to be extremely cautious when downloading apps.
“It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices,” he said.