Xafecopy you mask the app to improve the performance of the battery

Bochum – Who was induced to purchase a subscription service through a mobile device knows how frustrating, expensive and tedious to get rid of it. Malware discovered recently is able to subscribe to dozens of subscriptions without the user’s knowledge or consent. Ben amara, surprise, when the bill comes monthly.

WAP-billing is not new

This subscription business model has been for decades a business popular and lucrative, sometimes also advertised aggressively on tv channels music. By sending a message containing a specific word to a number, you received ring tones, wallpaper, horoscopes and the like for a fee weekly billed in the invoice. This has caused strong criticism from the associations of the consumers, given that it was not always clear to users that by doing so, they would have a subscription.

This method called “WAP-billing” is still in use today as a form of payment for services or donations. You can either send a message with a keyword to a specific number enter the number on a web site.

What exactly is meant by WAP?

WAP stands for Wireless Access protocol, wireless access), and indicates a category of technologies that are the basis of today’s mobile Internet. In the late nineties, were available to mobile devices that could access the Internet via the WAP, to send MMS messages was through WAP. The traffic data was charged for each click. In addition, the WAP could also be used for payment services, often much to the chagrin of the interested parties. In the meantime, the operators are evolved, if the user accesses a WAP service for a fee, divert first page, informing him that the service is not free.

Abuse through malware

Both billing methods are exploited by a new Android malware hidden in an app that should “optimize” the battery of the device. In reality, the app accesses in the background to various web sites by automatically switching to subscriptions to which the user will be known only on receipt of the invoice. Of course, the suppliers of payment services are obliged to implement security measures to prevent such offences.

In fact, usually the activation of similar services, the user must solve a CAPTCHA or enter a confirmation code received via SMS. These measures are that the malware Xafecopy eludes simulating the pressure on the keys, and handing it on in the background. In this way, the malicious app can subscribe to a potentially unlimited number of subscriptions.

Clear signs indicate that Asia as a source of malware.

How to protect yourself

  1. Check the access rights requested by the app and wonder if they are consistent with the task that has to play the app. Why an app of optimization of the battery should be able to send messages to numbers that charge? Although in the most recent versions of Android is possible to revoke certain permissions even after the installation, it would be safer to ask questions to install the application.
  2. Ask your operator to block access to any premium services. In this way, it is impossible to make subscriptions to the services through WAP, thereby preventing the malware from draining the bank account of the victim through unwanted subscriptions.
  3. Install an anti-malware protection is effective on your smartphone.

More information

To have all the technical details on Xafecopy just refer to the complete analysis of the researcher G DATA Nathan Stern, available HERE (text in English).

G DATA Software AG

Founded in 1985 in Bochum, G DATA has a history of over thirty years in the fight and prevention against threats and is one of the world’s leading providers of solutions for IT security, awarded numerous awards for the quality of the protection provided and ease of use.

G DATA manufactures and sells security solutions that fully adhere to the european regulations on data protection. The portfolio of products G DATA includes security solutions for businesses, from micro to large companies, and applications aimed at consumers. The security solutions G DATA are available in more than 90 Countries all over the world.

The technical Partner of Ducati Corse for MotoGP, G DATA has the task of protecting the IT systems of the track in the Ducati team.

More information on G DATA and security solutions are available on the website www.gdata.it