Explorer

'Xafecopy' mobile malware detected in 40pct of India; looting victims through WAP billing

New Delhi [India], Sept 7 (ANI): Experts at Kaspersky Lab experts uncovered a mobile malware 'Xafecopy Trojan' targeting the Wireless Application Protocol (WAP) billing payment method, stealing money through victims' mobile accounts without their knowledge, disguised as useful apps like BatteryMaster.

The malware, which has spread to 40 percent of the Indian landscape, is said to be operating normally while secretly decrypting and loading malicious code onto the device. Some of the names in the JavaScript files used by Xafecopy are also seen in the infamous Ztorg Trojan, suggesting possible code sharing between criminal gangs.

Once activated, the Xafecopy malware clicks on web pages with WAP billing - a form of mobile payment that charges costs directly to the user's mobile phone bill so they don't need to register a card or set up a username and password - and then silently subscribes the phone to a number of services. The malware uses JavaScript files that can bypass 'captcha' systems designed to protect users by confirming the action is being performed by a human.

"WAP billing can be particularly vulnerable to so-called 'clickjacking' as it has a one-click feature that requires no user authorization. Our research suggests WAP billing attacks are on the rise. Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to Premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money," said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.

Xafecopy hit more than 4,800 users in 47 countries in a span of one month, with 37.5 percent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico.

"Android users need to be extremely cautious in how they download apps. It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices," said Altaf Halde, Managing Director- South Asia, Kaspersky Lab.

Persuading users from falling prey to the infectious malware, it is important for Android users to note that the apps they are downloading have been created by a reputable developer, and use only reputable online stores.

Further, users must keep their OS and application software up-to-date, and refrain from downloading anything that looks suspicious or whose source cannot be verified. (ANI)


This story has not been edited. It has been published as provided by ANI

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headline

'Have To Save Our Families': PM Modi Blasts DMK Over Drug Busts In TN, Says 'BJP Enough To Fight Menace'
PM Modi Blasts DMK Over Drug Busts In TN, Says 'BJP Enough To Fight Menace'
Will Sunita Kejriwal Become Delhi CM? Know Delhi Minister Atishi's Response At ABP Shikhar Sammelan
Will Sunita Kejriwal Become Delhi CM? Know Delhi Min Atishi's Response At ABP Shikhar Sammelan
Mukhtar Ansari Death: UP Court Orders Probe After Son Claims Father 'Poisoned' In Jail — Top Points
Mukhtar Ansari Death: UP Court Orders Probe After Son Claims Father 'Poisoned' In Jail — Top Points
'BJP Should Pay Rs 4,600 Crore': Congress Slams Income Tax Dept, ECI After Getting Rs 1,700-Crore Notice
'BJP Should Pay Rs 4,600 Crore': Congress Slams Income Tax Dept, ECI After Getting Rs 1,700-Crore Notice
Advertisement
for smartphones
and tablets

Videos

Emotional Yet Fun Video Featuring Kapil Sharma, Tabu & Rhea Kapoor, Sharma To Star In 'Crew'ABP Shikhar Sammelan 2024: Anurag Thakur's counterattack to opposition over electoral bondsABP Shikhar Sammelan 2024: Why did BJP canceled tickets of more than 100 sitting MP's?|Anurag ThakurABP Shikhar Sammelan 2024: Anurag Thakur's gets angry on TMC-Congress over remarks on Kangana Ranaut

Photogallery

Embed widget