Xafecopy Trojan Malware: Discreetly Stealing Your Money

This year we have seen numerous ransomware and malware attacks. Cybersecurity experts have discovered a new piece of malware, the Xafecopy Trojan, which is designed to steal the user’s money through the smartphone. The Russia-based cybersecurity firm Kaspersky Lab said in a report that around 40% of the malware’s victims have been detected in India. It abuses the WAP billing payment method and steals the user’s money through infected mobile devices without their knowledge.

What is Xafecopy Trojan malware?

The newly found Xafecopy Trojan is malware of the Ubsod family that targets the Android operating system. It was detected for the first time in September 2017 by cybersecurity and antivirus provider Kaspersky, and it mainly targets payment mechanisms on India-based Android mobile devices.

According to Kaspersky, “Xafecopy hit around 5,000 users in 47 countries within the span of 30 days, while around 40% of the attacks were detected and blocked by Kaspersky Lab products like anti-virus, anti-malware, and total internet security. Targeted countries include India, Russia, Turkey, Mexico and follows,” the report said.

Roman Unuchek, Senior Malware Analyst at Kaspersky Lab, said, “Xafecopy’s attacks particularly targeted countries where this WAP billing payment method is widely popular, and these WAP billing attacks are growing fast. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money.”

How does Xafecopy steal your money?

Malware and ransomware typically get onto a device along with the installation of unverified apps from unknown sources.


The Xafecopy Trojan likewise enters your Android device disguised as a useful app, such as Battery Master, without your knowledge. The app works normally on your device to avoid suspicion while, in the background, it loads malicious code onto the device.

Once the app is installed on your mobile, the Xafecopy malware secretly clicks on web pages that use the Wireless Application Protocol (WAP) billing payment system, a form of mobile payment gateway. The malware then discreetly subscribes the user to various paid services, the reports said.

The WAP billing process also does not require the user to register a debit or credit card or set up login credentials. The Xafecopy Trojan uses a new technology to bypass the CAPTCHA systems designed to protect users by confirming that an action is being performed by a human.

How to identify if your mobile phone is malware-infected?


1. Wi-Fi turns off automatically

Because the newly detected malware works through the WAP (Wireless Application Protocol) billing payment system, it requires an Internet connection over the mobile network to operate. The Xafecopy Trojan will therefore automatically turn off the wireless connection (Wi-Fi). If you notice that your smartphone frequently turns off Wi-Fi without your permission, your Android phone might be infected with malware.

2. Your phone bill rises

Check your mobile bill for details. If you notice any unknown or unnecessary service activated other than what you have opted for, contact your telecom customer care representative and ask for information about it. Deactivate the unwanted services.

Mobile Security Tips From Kaspersky Lab:

  • Use a powerful anti-virus app like Kaspersky Mobile Security to be safe online.
  • Uninstall all third-party Android apps that were downloaded from anywhere other than the Google Play Store.

How to protect your mobile phone from malicious viruses, malware, and ransomware?


  • Avoid installing apps from unknown sources; this is the major entry point for ransomware and malware. A Trojan can also be spread through online ads.
  • Do not trust third-party apps. Before installing them, scan them locally with the Verify Apps utility.
  • Install a reliable mobile security, anti-virus and internet security app. Frequently scan your mobile phone for malicious software, and remove malware and viruses from your mobile phone.
  • Most telecom operators provide the option to disable WAP billing from the backend. Ask your telecom operator to disable WAP billing, if needed.
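
The advice above about apps installed from outside Google Play can be checked from a computer with `adb`. The following is an added example, not code from Kaspersky Lab or from this article: it parses the output of `adb shell pm list packages -i -3` and `adb shell dumpsys package <pkg>` and reports sideloaded apps that request SMS or Wi-Fi-toggle permissions. The package names and sample output are constructed, and the watched-permission list is an assumption chosen to match the behaviour described in this article.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs
# Assumed watch list: premium-rate SMS, hiding incoming SMS, switching Wi-Fi off.
WATCHED = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
           "android.permission.CHANGE_WIFI_STATE"}

def sideloaded(pm_output):
    """From `pm list packages -i -3`: {package: installer} for non-Play installs."""
    rows = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return {pkg: inst for pkg, inst in rows if inst != PLAY_STORE}

def requested_permissions(dumpsys_output):
    """Read the 'requested permissions:' block of `dumpsys package <pkg>`."""
    perms, in_block = set(), False
    for text in map(str.strip, dumpsys_output.splitlines()):
        m = re.match(r"((?:\w+\.)+\w+)(?::.*)?$", text)
        if text == "requested permissions:":
            in_block = True
        elif in_block and m:
            perms.add(m.group(1))
        elif in_block:
            break  # the next section header ends the block
    return perms

def triage(pm_output, dumpsys_by_pkg):
    """Return {package: watched permissions} for sideloaded apps requesting any."""
    report = {}
    for pkg in sideloaded(pm_output):
        hits = requested_permissions(dumpsys_by_pkg.get(pkg, "")) & WATCHED
        if hits:
            report[pkg] = sorted(hits)
    return report

# Constructed sample output (not captured from a real device).
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.batterytool  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
SAMPLE_DUMPSYS = {
    "com.example.batterytool": """    requested permissions:
      android.permission.INTERNET
      android.permission.SEND_SMS
      android.permission.CHANGE_WIFI_STATE
    install permissions:""",
}
if __name__ == "__main__":
    for pkg, perms in triage(SAMPLE_PM, SAMPLE_DUMPSYS).items():
        print(pkg, "->", ", ".join(perms))
```

A flagged app is a candidate for review or removal, not proof of infection; legitimate messaging apps also request SMS permissions.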


There is nothing worse than having your device attacked by malicious software such as viruses, ransomware, and malware after the damage has already been done. So it is always better to have mobile security apps installed on your device, including anti-virus, anti-malware, and internet security.

Periodically scan your mobile phone for malicious software and remove harmful viruses and malware from it.
