Security researchers discover new Xafecopy malware stealing money through mobile phones

The malware clicks WAP form links on websites which charge users directly to their phone bill. The malware also deletes incoming messages which would notify users of the unauthorised billing.

Published Date: 11 - Sep - 2017 | Last Updated: 11 - Sep - 2017

Kaspersky has discovered a new malware, Xafecopy, which steals money through its victims' mobile phones. The report states that around 40 percent of the malware's targets have been detected in India. The Xafecopy malware disguises itself as a useful app such as BatteryMaster and behaves normally.

The report states that, once executed, the app injects malicious code into the victim's device and takes control in the background. The malware then starts clicking on web pages hosting Wireless Application Protocol (WAP) billing forms. WAP billing is a type of mobile payment that charges the user's mobile phone bill directly instead of a debit or credit card. After this, the malware silently subscribes the phone to a number of services.

As mentioned earlier, victims do not even need to set up their debit/credit cards or a username and password. The malware also bypasses the Captcha system WAP forms use to verify if a person or a bot is performing the requested actions. "Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico," the report said.

Kaspersky Lab Senior Malware Analyst Roman Unuchek said, "Our research suggests WAP billing attacks are on the rise. Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money." 

Kaspersky Lab MD, South Asia, Altaf Halde said that Android users should not trust third-party apps and need to be extremely cautious in how and from where they download apps. Whatever apps users do download should be scanned locally with the Verify Apps utility, but Android users should be running a mobile security suite on their devices.

Malware making its way onto Android is nothing new. Recently, the Judy malware was found affecting nearly 36.5 million devices. Judy was an auto-clicking adware designed to generate revenue for its perpetrators by generating large numbers of fraudulent clicks on advertisements. To tackle the issue of malicious apps, Google has integrated the Play Protect feature into its Play Store and upcoming devices. The feature scans an Android device in real time and reports any issues or abnormalities it finds.

Shubham Sharma
