• Trojan malware disguised as genuine mobile apps.
• Subscribed users to premium services without their consent.
• Bypassed security verifications like CAPTCHA.
• Directly charged users’ mobile bills without awareness.

3. Xafecopy Trojan Malware Attack (2017)

Steps of the Fraud:

1. Disguised Application:
   • The Xafecopy Trojan disguised itself as legitimate applications, such as battery optimization tools, and was downloaded by users.
2. WAP Billing Exploitation:
   • Once installed, the malware clicked on web pages with Wireless Application Protocol (WAP) billing, subscribing users to paid services without their knowledge.
3. Bypassing Security Measures:
   • The Trojan bypassed CAPTCHA systems to automate the process, leading to unauthorized charges billed directly to users’ mobile accounts.
4. Global Impact:
   • Within a month, Xafecopy infected at least 4,800 users across 47 countries, with India being the primary target.