A new Android malware, Xafecopy, is being used to empty bank accounts. Kaspersky Lab reported that 37.5% of the victims are in India, but the malware has infected 4,800 users in 47 countries, mostly Mexico, Turkey and Russia.

Cyber-criminals are taking advantage of WAP billing to carry out their cyber-attack. WAP is a forerunner of mobile internet capability that allows loading text-based, specially crafted mobile websites via non-smart phones. Even though WAP is rarely used nowadays, mobile carriers still support parts of the technology, mainly a billing feature that allows users to pay for something they purchased directly from their mobile accounts. Cyber-attackers have the capability to initiate payments on WAP enabled sites, and users will not suspect a thing.

According to John Snow, a researcher at Kaspersky, “Malware that exploits WAP billing is less complicated than trojans that send premium-rate SMS messages. Cyber-criminals do not even really have to teach their malware creations to gain the access they need for sending SMS messages; these Trojans are capable of staying under the radar and not asking for any special permissions such as access to Accessibility features.”