Cyber security firm detects malware that steals money via mobile phones

Published: September 11, 2017
Email
An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow July 29, 2013. PHOTO: REUTERS

An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow July 29, 2013. PHOTO: REUTERS

A new malware called Xafecopy Trojan has been detected in India, and it steals money through mobile phones, cyber security firm Kaspersky said in a report.

Around 40 per cent of targets of the malware have been detected in India. “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge,” the report said.

Pakistan among biggest victims of malware attacks: report

Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. The trojan secretly loads malicious codes onto the device. Once it’s activated, the malware clicks on web pages with WAP (Wireless Application Portal) billing, a form of mobile payment that charges costs directly to the user’s mobile phone bill.

The malware then silently subscribes to a number of services, the report said. The process doesn’t require user to register through a debit or credit or set up any passwords. The malware uses technology to bypass ‘captcha’ systems designed to protect users by confirming the action is being performed by a human.

“Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico,” the report said.

Experts at Kaspersky Lab have found traces showing that cyber criminals gang promulgating other trojans are sharing malware code among themselves. “Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money,” Kaspersky Lab Senior Malware Analyst Roman Unuchek said.

India, Pakistan hit by spy malware: cyber security firm

Kaspersky Lab, Managing Director- South Asia, Altaf Halde said that Android users need to be extremely cautious in how they download apps. “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.”

This article originally appeared in FirstPost.

Facebook Conversations

More in Technology