New Delhi, Sept 11: A new malware, identified as Xafecopy Trojan, could steal money from a user’s smartphone, claims a study undertaken by anti-virus developer Kaspersky Lab. Also Read - Your digital data could be on sale for less than USD 50: Study

The trojan enters the mobile through apps such as BatteryLife, the report says, without affecting the functioning of the mobile phone. However, it lodas malicious codes onto the device. Also Read - Over 1/3 of phishing attacks target financial sector customers in Q2

After the codes being loaded, the trojan gets activated and begins opening web pages using the Wireless Application Protocol (WAP) billing – a form of mobile payment – which adds cost directly to the phone user’s post-paid bill. Also Read - Hackers target smartphones to mine cryptocurrencies

The process, Kaspersky claims, does not require verification of debit or credit card. It is also designed in a manner to bypass the captcha – a random combination of letters, numbers, symbols on websites which the user has to manually fill to confirm he is a real human rather than designed software code.

“Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico,” the report states.

In the past month, Kaspersky recommended users to install reliable security solution on their devices to ward off the threat from such trojans.

Kaspersky Lab researchers have discovered an unusual rise in mobile Trojan clickers that are stealing money from Android users through Wireless Application Protocol (WAP) billing (a type of direct mobile payment taken without any additional registration).

It also detected several popular Trojan families among the “TOP 20 mobile malware programs” using the WAP-billing service. To become active through mobile Internet, all Trojan versions are able to turn off Wi-Fi and turn on mobile data.

According to KSN statistics, this Trojan infected almost 8 000 infected users from 82 countries, in July 2017.

Based on Kaspersky Lab research it was the third most common Trojan in June 2017, among those exploiting WAP-billings, and is still active mainly in Russia.

(With inputs from ANI)