close

News WrapGet Handpicked Stories from our editors directly to your mailbox

New malware in India steals users' money through mobile phones

The new malware has seen around 40% of the cases in India and is a Trojan which disguises as useful apps like BatteryMaster.

New malware in India steals users' money through mobile phones
A new malware Xafecopy Trojan has been detected in India which steals money through victims' mobile phones. Photo: Pixabay
Written By: PTI
Updated: Sun, Sep 10, 2017
04:48 pm
New Delhi, PTI
RELATED NEWS
India among worst-hit by new 'Fireball' malware after WannaCry fiasco India among worst-hit by new 'Fireball' malware after WannaCry fiasco
Smartphone malware surge 400% in 2016; Android devices most affected Smartphone malware surge 400% in 2016; Android devices most affected
Chipotle links sick worker to latest Norovirus outbreak Chipotle links sick worker to latest Norovirus outbreak
Mobile antivirus software sold most in 2016: Amazon Mobile antivirus software sold most in 2016: Amazon
Petya ransomware virus is back amid cyber attack - Swiss agency Petya ransomware virus is back amid cyber attack - Swiss agency

Key highlights:

  • A new malware Xafecopy Trojan has been detected in India which steals money through victims' mobile phones
  • Around 40% of target of the malware has been detected in India
  • Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally

A new malware Xafecopy Trojan has been detected in India which steals money through victims' mobile phones, cyber security firm Kaspersky said in a report.

Around 40% of target of the malware has been detected in India.

"Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims' mobile accounts without their knowledge," the report said.

Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. The trojan secretly loads malicious code onto the device.

Once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing - a form of mobile payment that charges costs directly to the user's mobile phone bill.

After this the malware silently subscribes the phone to a number of services, the report said.

The process also does not require user to register a debit or credit card or set up a user-name and password.

The malware uses technology to bypass 'captcha' systems designed to protect users by confirming the action is being performed by a human. In the captcha system, websites show a set of some letter or numbers which are required to be manually filled by the user.

"Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5% of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico," the report said.

Experts at Kaspersky Lab have found traces showing that cyber criminals gang promulgating other trojans are sharing malware code among themselves.

"Our research suggests WAP billing attacks are on the rise. Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money," Kaspersky Lab Senior Malware Analyst Roman Unuchek said.

Kaspersky Lab, Managing Director- South Asia, Altaf Halde said that Android users need to be extremely cautious in how they download apps.

"It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices."

ALSO READ: