1. Home
  2. New malware steals users' money through mobile phones: Report

New malware steals users' money through mobile phones: Report

Agencies
September 10, 2017

New Delhi, Sep 10: A new malware Xafecopy Trojan has been detected in India which steals money through victims' mobile phones, cyber security firm Kaspersky said in a report.

Around 40 per cent of target of the malware has been detected in India.

"Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims' mobile accounts without their knowledge," the report said.

Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. The trojan secretly loads malicious code onto the device.

Once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing - a form of mobile payment that charges costs directly to the user's mobile phone bill. After this the malware silently subscribes the phone to a number of services, the report said.

The process also does not require user to register a debit or credit card or set up a user-name and password.

The malware uses technology to bypass 'captcha' systems designed to protect users by confirming the action is being performed by a human. In the captcha system, websites show a set of some letter or numbers which are required to be manually filled by the user.

"Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico," the report said.

Experts at Kaspersky Lab have found traces showing that cyber criminals gang promulgating other trojans are sharing malware code among themselves.

"Our research suggests WAP billing attacks are on the rise. Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money," Kaspersky Lab Senior Malware Analyst Roman Unuchek said.

Kaspersky Lab, Managing Director- South Asia, Altaf Halde said that Android users need to be extremely cautious in how they download apps.

"It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 13,2020

New Delhi, Jul 13: The Telecom Regulatory Authority of India (TRAI) has blocked Bharti Airtel's Platinum and Vodafone Idea's RedX premium plans that offer faster data speeds and priority services to customers as both the plans were violating net neutrality norms.

The telecom watchdog has asked Bharti Airtel to explain within seven days how such a similar plan being launched does not violate the rules of net neutrality.

Vodafone Idea's RedX plan has been in the market since November 2019. They made some modifications in May 2020 and the Bharti Airtel was soon going to launch a similar plan.

According to TRAI, the higher speed for premium customers discriminate against others and violates net neutrality.

Responding to TRAI's move, Airtel spokesperson said: "We are passionate about delivering the best network and service experience to all our customers. This is why we have a relentless obsession to eliminate faults and have been consistently recognised by international agencies as the best network in terms of speed, latency and video experience."

"At the same time, we want to keep raising the bar for our post-paid customers in terms of service and responsiveness. This is an ongoing effort at our end," the spokesperson said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 2,2020

Leiden, Jul 2: Astronomers have discovered a luminous galaxy caught in the act of reionizing its surrounding gas only 800 million years after the Big Bang.

The research, led by Romain Meyer, PhD student at UCL in London, UK, has been presented at the virtual annual meeting of the European Astronomical Society (EAS).

Studying the first galaxies that formed 13 billion years ago is essential to understanding our cosmic origins. One of the current hot topics in extragalactic astronomy is 'cosmic reionization,' the process in which the intergalactic gas was ionized (atoms stripped of their electrons).

Cosmic reionization is similar to an unsolved murder: We have clear evidence for it, but who did it, how and when? We now have strong evidence that hydrogen reionization was completed about 13 billion years ago, in the first billion years of the universe, with bubbles of ionized gas slowly growing and overlapping.

The objects capable of creating such ionized hydrogen bubbles have however remained mysterious until now: the discovery of a luminous galaxy in which 60-100 percent of ionizing photons escape, is likely responsible for ionizing its local bubble. This suggests the case is closer to being solved.

The two main suspects for cosmic reionization are usually 1) a population of numerous faint galaxies leaking ~10 percent of their energetic photons, and 2) an 'oligarchy' of luminous galaxies with a much larger percentage (>50 percent) of photons escaping each galaxy.

In either case, these first galaxies were very different from those today: galaxies in the local universe are very inefficient leakers, with only <2-3 percent of ionizing photons escaping their host. To understand which galaxies governed cosmic reionization, astronomers must measure the so-called escape fractions of galaxies in the reionization era.

The detection of light from excited hydrogen atoms (the so-called Lyman-alpha line) can be used to infer the fraction of escaping photons. On the one hand, such detections are rare because reionization-era galaxies are surrounded by neutral gas which absorbs that signature hydrogen emission.

On the other hand, if this hydrogen signal is detected it represents a 'smoking gun' for a large ionized bubble, meaning we have caught a galaxy reionizing its surroundings. The size of the bubble and the galaxy's luminosity determines whether it is solely responsible for creating this ionized bubble or if unseen accomplices are necessary.

The discovery of a luminous galaxy 800 million years after the Big Bang supports the scenario where an 'oligarchy' of bright leakers emits most of the ionizing photons.

"It is the first time we can point to an object responsible for creating an ionized bubble, without the need for a contribution from unseen galaxies.

Additional observations with the upcoming James Webb Space Telescope will enable us to study further what is likely one of the best suspects for the unsolved case of cosmic reionization," said Meyer.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.