The new Xafecopy malware Trojan, which steals money from mobile phone users, was recently detected by Russia-based internet security firm Kaspersky. What’s alarming is that the penetration rate reveals 40 per cent of the malware’s targets have been in India.
The Xafecopy Trojan is categorised as malware because it gets sideloaded along with other useful apps and then loads malicious code onto the device.
Here is how the Xafecopy Trojan works:
The major entry point for any malware or ransomware is the installation of unverified apps from unknown sources. While the default setting of most smartphones restricts installing any app from an unknown source, the setting can easily be changed by the user.
Once an unverified app infected with the Xafecopy Trojan or any other malware is installed and activated on the mobile phone, the malware spreads into the root files of the smartphone and operates discreetly.
The Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing – a form of mobile payment that requires no credit/debit card information or CAPTCHA for security. The cost of purchases made through WAP billing is charged directly to the user’s bill.
How to identify if your device is affected
Because the malware works through WAP billing, it requires a mobile data connection to operate and, therefore, the Trojan automatically disables the wireless connection. If you notice that your smartphone turns off the wireless connection randomly, get your phone checked.
Also check your monthly bill for details. If you see any service activated other than those you know of, get in touch with your telecom operator and seek information on it. Get the service cancelled and identify the app that raised the request to activate that service.
Run a background check of all the apps using Google Play Protect to understand if all the apps are safe. If the phone fails to respond while scanning the apps, or if the list of apps shows fewer apps than you have installed, look at the apps that do not feature in the Google Play app list and uninstall them at the earliest.
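The check for apps missing from the Google Play list can also be done from a computer. The script below is an added example, not part of the original article: it assumes USB debugging is enabled and that `adb shell pm list packages -3 -i` prints lines of the form `package:<name>  installer=<source>`; the package names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list user-installed Android apps whose recorded installer
# is not Google Play. Anything printed is a candidate for manual review.
# Assumed input: output of `adb shell pm list packages -3 -i`, e.g.
#   package:com.example.app  installer=com.android.vending

PLAY_STORE_INSTALLER="com.android.vending"
CR=$(printf '\r')   # adb output may carry CR line endings

# Reads package-manager lines on stdin and prints "<package> <installer>"
# for every app that was not installed by the Play Store.
sideloaded_packages() {
  while IFS= read -r line; do
    line="${line%"$CR"}"
    case "$line" in
      package:*) ;;
      *) continue ;;             # skip anything that is not a package line
    esac
    pkg="${line#package:}"
    pkg="${pkg%% *}"             # keep only the package name
    case "$line" in
      *installer=*) installer="${line##*installer=}" ;;
      *) installer="unknown" ;;
    esac
    if [ "$installer" != "$PLAY_STORE_INSTALLER" ]; then
      printf '%s %s\n' "$pkg" "$installer"
    fi
  done
}

# Constructed sample listing (hypothetical package names).
sample_listing() {
  cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.batterymaster  installer=null
package:com.example.game  installer=com.example.thirdpartystore
EOF
}

# On a real device:
#   adb shell pm list packages -3 -i | sideloaded_packages
if [ "${1:-}" = "--demo" ]; then
  sample_listing | sideloaded_packages
fi
```

Apps from a manufacturer's or another legitimate store will also be listed, so treat the output as a review list rather than a verdict.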
How to protect devices against such threats
- Prohibit the installation of apps from unknown sources. This type of Trojan can be distributed through advertisements, and with this prohibition in place, you simply will not be allowed to install them.
- Install a reliable mobile security anti-virus and internet security app that keeps a check on app activity.
- Most telecom operators provide the option to disable WAP billing from the backend. Get the service suspended by getting in touch with your telecom operator.