Mobile malware Xafecopy robs victims through WAP Billing – almost 40% of targets in India

Once activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing - a form of mobile payment that charges costs directly to the user’s mobile phone bill so they don’t need to register a card or set up a user-name and password - and then silently subscribes the phone to a number of services.

Research by a private cyber-security solutions firm has uncovered mobile malware that targets the WAP billing payment method, stealing money through victims' mobile accounts without their knowledge.

The Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally while secretly decrypting and loading malicious code onto the device. Some of the names in the JavaScript files used by Xafecopy are also found in the infamous Ztorg Trojan, suggesting possible code sharing between criminal gangs.

Once activated, Xafecopy clicks on web pages with WAP billing and then silently subscribes the phone to a number of services. The malware uses JavaScript files that can bypass ‘captcha’ systems designed to protect users by confirming that the action is being performed by a human.

“WAP billing can be especially vulnerable to so-called clickjacking as it has a one-click feature that requires no user authorisation. Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular. The malware has also been detected with various modifications, such as the ability to send text messages from a mobile phone to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money,” explains Roman Unuchek, senior malware expert, Kaspersky Lab.

Xafecopy has hit more than 4,800 users in 47 countries within a month, with 37.5% (1800) of the attacks detected and blocked targeting India, followed by Russia, Turkey and Mexico.

“Android users should be extremely cautious about how they download apps. It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should run a mobile security suite on their devices,” added Altaf Halde, South Asia managing director of the cyber-security firm.
