Cyber security firm Kaspersky Lab has recently discovered that a new piece of malware, Xafecopy Trojan, has been stealing money via mobile phones from users in India without them even noticing. According to Times of India, Kaspersky identified Xafecopy Trojan as malware that targets the Wireless Application Protocol (WAP) billing method to steal money via mobile accounts. The Trojan was disguised as a useful app, and when it is installed, it loads a malicious code onto the device. According to reports, more than 4800 users were hit by Xafecopy.

Kaspersky identifies malware aiming to steal money via mobile phones

Uses the Wireless Application Protocol billing form to steal money

It is not the first time a malicious program disguised itself as some kind of helpful tool. This is a reliable infection method as users usually do not even think twice before installing an apps onto their phones. And if they are downloading them from unreliable sources, and not trustworthy Android stores, they are putting their devices in even more danger.

This particular Trojan was disguised as apps like BatteryMaster and it seems to have worked as advertised. This could have prevented users from becoming suspicious, or uninstalling the app. Once it is installed, it runs malicious codes onto the devices. And once that happens, the malware essentially clicks on sites with WAP billing in the background, subscribing to various services that charge costs straight to a user’s phone bill.

Wireless Application Protocol (WAP) is a form of mobile payment that charges costs directly to the user’s mobile phone bill. The infected phone starts accessing websites with WAP billing, and subscribing to various services. It has been reported that the malware manages to bypass the captcha systems used to confirm actions are not performed by programs but actual humans. There is also no need for the user to register a debit/credit card or create a username/password.

Kaspersky further reports that WAP billing related attacks have been on the rise. Furthermore, Xafecopy specifically targeted countries where that billing method is popular. And in addition to subscribing to various services, some variants of the malware were noticed to be able to send text messages to premium-rate numbers, as well as delete texts, such as those sent by mobile operators warning about stolen money.

It is not the first time a compromised app disguised as a legitimate one was installed onto devices. And it will not be the last. Which is why users need to be extra careful about what they install onto their smartphones. It is recommended that users do not install apps from untrustworthy sources, and stick to official app stores. Even though official stores can be fooled in some cases as well, there is still less chance to obtain some kind of serious malware than if you were using an unregulated third-party store.

Leave a Reply