Xafecopy Malware Steals Money through Mobile Phones

A new malware, Xafecopy, masquerades as a utility app and penetrates a billing feature to siphon funds from Android users’ credit/debit accounts.

With their density of devices and high volume of internet traffic, Western countries, and particularly the United States, used to be the central targets for malware attacks.

Now, for a change, it is in India that mobile users are being targeted by a dangerous Trojan going by the name Xafecopy.

And it is Android phones that are bearing the brunt.

India is largely an Android smartphone market; therefore, this threat from Xafecopy is real for practically every mobile device owner in the country.

It should be added that this malware affects phones on which the Wireless Application Protocol (WAP) payment mechanism is active.

In this system, mobile payments made by credit or debit card are recovered directly from the bill raised by the mobile operator.

App in Disguise as Utility Tool

The offending app that causes such disruption in Android phones usually shows up as a tool to improve the performance of the mobile system, like enhancing the battery life or improving the functioning speed.

At first, at least, users may not be able to detect anything amiss.

But the app will begin injecting malicious code into the device and start taking control.

From there on, users may end up helpless against the havoc the Trojan can inflict.

Can Override Many Security Layers

Payment gateways set up a few hurdles to prevent the misuse of their formats, and have a verification process at every step.

You will generally be required to enter a CAPTCHA to confirm that the entries are not being made by a robot.

But Xafecopy is able to override this hurdle and start directly inputting details of the credit/debit cards it has stolen from your mobile device.

It has the built-in capability to reach sites that accept the WAP form of billing and start filling out the necessary details.

The worst part is that those who developed this malware have gone on to devise means by which the short message you receive from your card operator about the amount used from your account can also be blocked from delivery.

Additionally, Xafecopy can add your phone number as a subscriber to different services, which the attacker can then use and charge to your mobile bill.

Kaspersky Labs Detected Xafecopy

A researcher with the internet security firm Kaspersky Labs first detected this malware.

According to the company, they managed to block the Trojan before it could cause any damage on devices that have their anti-virus products installed.

They indicate that Xafecopy has staged its attack in over 45 countries, and close to 5,000 devices may have fallen victim to this malware.

The worst-affected users appear to be in India, where around 40 percent of all Xafecopy attacks have occurred. The other major regions/countries to have borne the brunt include Russia, Turkey and Mexico, in that order.

The recent spurt in digital and mobile transactions in India following the government’s demonetization exercise might have attracted the malware developers and those who deployed them.

Ways to Avoid Being Sucked into the Trap

Security experts have made a few recommendations for mobile users to stay safe from such malware on their devices.

Since this particular Trojan has been found in Android devices, the first precaution is to avoid installing any app from outside the Play Store.

This is a mistake many users end up committing. Once an app shows up and is found enticing, it’s easy to just click and install the new program on your phone. Therein lies the danger.

Even if you’re keen to use an app, ensure that you have a fallback mechanism like the Google Play Protect utility to scan the app thoroughly before installing it, so that the malware can be detected and removed in a timely manner.

Apart from the above, you should also check that your device has the latest firmware updates installed.

Most device developers have an automatic update mechanism, while others may send you the updates in the form of patches.

You should not ignore them, since they may contain the fixes needed to detect and remove such malware before any damage is done.

Finally, it’s always good to have a solid antivirus package installed on your mobile phone and to keep it up to date.
