Mobile Accounts Drained of Money by Xafecopy Malware

Xafecopy malware is a new Trojan that is being leveraged to take money from victims using their smartphone devices. The malware looks like a useful apps that function exactly as expected, although along with the useful functions, the apps have a sinister aim.

Downloading the apps activates Xafecopy malware, which silently subscribes the infected smartphone to a number of online services using websites that use the WAP billing payment method. Rather than ask for a credit card for purchases, this payment method adds the cost of the service to the user’s mobile phone bill. Due to this, it can take up to a month before the victim realizes they have been defrauded.

Several apps are used to share the malware, including BatteryMaster – An app that can kill processes on a smartphone to save battery life. Once downloaded, Xafecopy malware searches for websites that have the WAP billing feature and signs up for the services. These websites often use the captcha system to prove that the user is human, although the malware uses JavaScript to bypass this control.

Extra features of Xafecopy malware include the ability to share text messages from the user’s device to premium rate phone numbers. The malware can also erase incoming text messages, such as text messages alerting users about services they have subscribed to and warnings from network operators about potential theft.

To date, there are over 4,800 victims spread across 47 countries around the globe, although most of the WAP billing attacks have been witnessed in India, Mexico, Turkey and Russia, with India accounting for 37.5% of the WAP billing attacks. WAP billing attacks are focused in countries where WAP billing is most popular.

Kaspersky Lab senior malware analyst Roman Unucheck stated, “WAP billing can be particularly vulnerable to so-called ‘clickjacking’ as it has a one-click feature that requires no user authorization. Our research suggests WAP billing attacks are on the rise.”

While the majority of PC users have antivirus software installed, the same is not true for users of Android devices. Many users still do not use a security suite on their mobile devices to safeguard them from malware, even though they often use their smartphones to sign up and pay for online services or access their bank accounts.

Downloading antivirus software can help to stop Xafecopy malware infections. It is also important not to install apps from unofficial stores and to scan all apps with the Verify Apps tool.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone.