The year 2017 has already witnessed a series of ransomware and malware attacks never before seen in the history of global cyberspace evolution, and now, a new threat in the form of Xafecopy Trojan has emerged. This malware is capable of stealing money from a victim's infected mobile phone.

Kaspersky Lab experts have uncovered this mobile malware, which targets the WAP billing payment method, stealing money from victims' mobile accounts without their knowledge.

Also read: Google's Android team track, kill deadly Lipizzan malware in record time

So far, the Xafecopy Trojan has been detected in 47 countries, and 40 percent of the attacks were shockingly carried out in India.

How Xafecopy infiltrates mobiles

The Xafecopy Trojan usually comes disguised in popular utility apps such as BatteryMaster, and avoids suspicion by performing normal activities like cleaning the memory and detecting battery-draining apps. All the while, the trojan secretly loads malicious code onto the device.

Once the app is activated, the Xafecopy malware keeps tabs on webpages via Wireless Application Protocol (WAP) billing — a form of mobile payment that charges fees directly to the user's mobile phone bill — thereby siphoning money without ever getting noticed by the victim.

Android ransomware, malware, Xafecopy
[Representative Image] A new Xafecopy malware is targeting Android smartphone users in India.Creative Commons

What's more shocking is that the Trojan never stops: It will continue to silently subscribe the phone to a number of services, as the process also does not require the user to register a debit or credit card or set up a username and password, the Kaspersky Lab report noted.

The malware reportedly uses deceptive techniques to bypass "Captcha" systems, which are designed to protect users by confirming whether actions are being performed by a human.

It has come to light that Xafecopy has hit more than 4,800 users in 47 countries within the space of a month, and Kaspersky Lab has been able to detect and neutralise 37.5 percent of the attacks detected in India, Russia, Turkey and Mexico.

Kaspersky has warned that Android mobile users are more vulnerable to the Xafecopy malware, and advised those users to exercise caution while downloading mobile applications developed by unfamiliar developers.

"It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices," PTI quoted Altaf Halde, Kaspersky Lab managing director—South Asia, as saying.

Here's how to protect Android phones from Xafecopy and other malwares

  • Always keep to your smartphone updated with the latest firmware. Most companies send software updates — especially security patches on priority basis and always make sure to update them immediately
  • Make sure to use premium Antivirus software, which also provide malware protection and internet security
  • Never open emails sent from unknown senders
  • Never install apps from unfamiliar publishers