Xafecopy Trojan

Xafecopy Trojan is malware that affects Android mobile phones and can steal money through the phone without the user's knowledge.

Kaspersky Lab, a Russian multinational cybersecurity and antivirus provider founded in 1997 by Eugene Kaspersky, recently reported in-depth data on this malware. Most targeted users are from India. According to Kaspersky Lab, at least 4,800 users in 47 countries were attacked by the malware in just one month, and over 37.5 per cent of the victims are from India. The three most affected countries after India are Russia, Turkey and Mexico. According to the findings, the malware uses the WAP (Wireless Application Protocol) billing payment method to steal money.

According to the reports, the malware enters a mobile phone through useful-looking apps such as BatteryMaster, which install malicious code on the phone. Once the code is in place, it starts connecting to web pages that use the WAP billing system. Kaspersky Lab stated that the malware uses phones supporting WAP billing over a 3G or GPRS wireless connection. The malware then obtains the URLs of billing web pages through a command-and-control server. Once the URLs are received, the malware subscribes the user to unwanted paid services, and the charges are applied immediately to the user's mobile bill.

Kaspersky Lab identified that Xafecopy uses JavaScript file names that are the same as those used earlier in the Ztorg Trojan (dangerous malware that was used to share code with cybercriminal gangs).

Reports state that the malware runs a function that disables the CAPTCHA step (used to prove that the user is human) during billing payments.

Kaspersky also identified other modified variants, which can read SMS messages or delete users' messages related to deductions from their balance. A variant can also switch users to the mobile data connection if they are using another option such as Wi-Fi, or turn the data connection on when it is off. This is because the malware can operate only over the mobile connection.
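For defenders triaging utility apps, the behaviours described above (SMS access, toggling Wi-Fi or mobile data, contacting remote servers) can be checked against the permissions an app declares. The following is an added example, not code from Kaspersky Lab or from the malware: the mapping of behaviours to standard Android permissions is an assumption, the package names are hypothetical, and the manifests are constructed samples already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from Kaspersky's report): standard Android permissions
# an app would normally need for each behaviour the article describes.
BEHAVIOUR_PERMS = {
    "sms_access": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "wifi_toggle": {"android.permission.CHANGE_WIFI_STATE"},
    "mobile_data_toggle": {"android.permission.CHANGE_NETWORK_STATE"},
    "network": {"android.permission.INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml):
    """Map declared permissions to behaviours; flag the risky combination."""
    perms = requested_permissions(manifest_xml)
    hits = {b: sorted(perms & p) for b, p in BEHAVIOUR_PERMS.items() if perms & p}
    connectivity = "wifi_toggle" in hits or "mobile_data_toggle" in hits
    review = "sms_access" in hits and connectivity and "network" in hits
    return {"behaviours": hits, "needs_review": review}

def _manifest(package, perms):
    # Constructed sample manifests; package names are hypothetical.
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

SUSPECT = _manifest("com.example.batterytool", [
    "android.permission.INTERNET", "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.CHANGE_WIFI_STATE",
    "android.permission.CHANGE_NETWORK_STATE"])
BENIGN = _manifest("com.example.flashlight", [
    "android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml))
```

A flagged manifest is a prompt for manual review, not a verdict: legitimate messaging or connectivity apps can declare the same permissions.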

