New malware stealing Indian users' money through smartphones

Xafecopy Trojan is disguised as useful apps such as BatteryMaster

By
Web Desk
|
Photo: File

Year 2017 is proving to be the year of malware attacks, with the most number of malware attacks reported this year.

A new malware — Xafecopy Trojan — has been detected in India, which steals money through victims' mobile phones, according to cyber security firm Kaspersky.

According to Kaspersky’s report, forty percent of the targeted users are Indians.

The report reads: "Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money from victims' mobile accounts without their knowledge."

Xafecopy Trojan is disguised as useful apps such as BatteryMaster that operate normally, to prevent users from getting suspicious. The trojan secretly loads malicious code onto the device of users for illegal activities.

Once the app is activated, Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing. WAP is a type of mobile payment that charges costs directly to the user's mobile phone bill. The malware then silently subscribes to a number of services using the phone.

The process has raised alarm bells with IT security experts, as the services do not require users to register a debit or credit card or set up a username and password.

The malware’s coders have used some technology to bypass the 'captcha' systems designed to protect users by confirming that the action is being performed by a human.

"Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 percent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey, and Mexico," the report noted.

Experts at Kaspersky Lab believe that the cyber criminals' gangs promulgating other Trojans are sharing malware code among themselves.

"Our research suggests WAP billing attacks are on the rise. Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money," Kaspersky Lab senior malware analyst Roman Unuchek said.

Kaspersky Lab, managing director-South Asia, Altaf Halde said that Android users need to be extremely cautious in how they download apps.

"It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices," Halde advised.