The trojan secretly loads malicious code onto the device and once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing and silently subscribes the phone to a number of services. Wireless Application Protocol (WAP) billing is a form of mobile payment that charges costs directly to the user’s mobile phone bill.
The process also does not require user to register a debit or credit card or set up a user-name and password. “Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico,” according to Kapersky Lab. The malware has also the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money. The only way to protect against such malware actions is to scan every app for Android with the Verify Apps utility and to permanently use a mobile security suite.