Android users beware: New malware XafeCopy steals money from your smartphone

The new Xafecopy Trojan usually comes disguised in the form of popular utility apps, which steal money from Android phones.

Android phone
Picture for representation. Pixabay

The next time you decide to download a battery saver or a phone booster app, think twice before hitting the install button. The ingeniously dubbed 'Xafecopy' malware comes disguised in the form of these apps and steals money from the infected smartphone.

Earlier this year, a malware called WannaCry ransomware targeted computers running the Microsoft Windows operating system and demanded ransom payments in Bitcoin currency. Just months later, a similar malware called 'Xafecopy' ransomware has been detected in 47 countries and this one targets Android smartphones.

According to experts at the world's fourth largest antivirus vendor, Kaspersky, the mobile malware steals money from victims' mobile accounts by targeting the WAP billing payment method.

Like the WannaCry ransomware which was carried out via the WannaCry ransomware Trojan, the 'Xafecopy' malware also proliferates in the form of Xafecopy Trojan which usually comes disguised in popular utility apps such as BatteryMaster. Once installed, the masked apps continue performing their seemingly normal battery saving activities, while the Trojan secretly loads a malicious code onto the device. That way, the user is least suspicious of the malware's presence.

The malware has a similar mode of operation to the WannaCry ransomware which propagated using the EternalBlue vulnerability in Windows' Server Message Block protocol (SMB). The Xafecopy malware unsuspectingly keeps tabs on webpages via Wireless Application Protocol (WAP) billing, a form of payment that allows users to buy content and charges directly from the subscriber account.

Unlike the WannaCry ransomware which had a so-called "kill-switch" hardcoded into the malware, the Xafecopy Trojan is literally unstoppable. The malware reportedly continues to silently subscribe the infected phone to a number of WAP based services, as subscriptions to these services do not necessarily require a user to register using a debit-card or set up a username and password.

The insidious malware reportedly uses deceptive techniques to bypass the "Captcha" security system that is in place to verify that the user is not a sham.

What's worth noting is the fact that both the Xafecopy malware and the WannaCry target old technologies. Older unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were particularly vulnerable to WannaCry ransomware attack (Windows 7 was also at a higher risk of getting attacked). Most modern internet browsers now fully support HTML, and most of them are no longer able to render or display pages written in WAP, unlike the Xafecopy malware.

Since Android phones are particularly vulnerable to the Xafecopy malware, Kapersky has warned users to exercise caution while downloading apps by unfamiliar developers. Another easy way to safeguard your phone is by updating to the latest version of Android, as most manufacturers release important security patches that help keep such malwares at bay.

Related topics : Ransomware
READ MORE