New virus and newer risk coming every day and absolutely no safeguard and now it is the time for the consumers who are believing in all mobile payment as the option. It is absolutely fact that 1 in 10 smartphone owners are victims of phone threat and 12% experienced fraudulent charges on their account. In a recent development by the Kaspersky Lab researcher Roman Unuchek spotted an uptick in WAP-billing trojan-clickers from different cybercriminal groups stealing money through victims' mobile accounts without their knowledge," the report said they are targeting users in Russia and India.

The malware steals money from users using WAP-billing which is a mobile payment that charges costs directly to the user's mobile phone bill so that they don't have to register a payment card or set up login credentials. If you do not block your m-payment account soon after losing your device, fraudsters can attempt to steal your card information or use it to buy goods/services.

To protect your device from such malware programs, make it a rule of thumb to install antivirus software by downloading applications from trusted sources.One must use good anti-virus software in their mobile phones since, around 40 per cent of target of the malware has been detected in India. Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. The trojan secretly loads malicious code onto the device.

A trillion-dollar question is who has invented the app Xafecopy? A group is investigating the root cause and even pentagon(USA) has certain questions on it. This malware clicks on web pages with Wireless Application Protocol (WAP) billing – the scam payment is similar to premium rate SMS messages but instead of needing to send an SMS, the user only needs to click a button on a web-page enabled with WAP-billing. To the user, the page would look like a normal web-page.

A quick question arises does the telecom service providers are they responsible for this because they are not in a position to provide the desired level of security of encryption that makes it vulnerable for hackers to intercept streams, an expert suggested to safeguard the user information, companies can use technology services that use special double 2048-bit electronic & encryption for the whole data stream traveling to and from your mobile device, which makes such fraud impossible because of the time needed for decryption.

Since, the trojans then use JavaScript code to automate certain actions, such as opening web pages and clicking on the buttons associated with WAP billing. The malware also deletes incoming SMS messages to avoid raising suspicion. Some samples also abuse Device Administrator rights on the infected Android device to make their removal more difficult. They are stealing less money than banking Trojans, but it is harder for a user to notice the monetary loss,” Unuchek said. “There were cases when such Trojans were stealing small amounts of money, every day, for months.

New types of fraud have also been emerging. Mobile payments are becoming an increasingly important part of the payment landscape. The fact is the more popular mobile payments become, the more they will be targeted by hackers and thieves. In summary, while mobile payment systems have clear advantages for businesses, they also come with a fair amount of risk. One must know on the risk while doing the mobile payment risks and what you can do to minimize them. All mobile payment companies should start an awareness programme on the statutory risk while they are doing the mobile payment, as you have seeing there have been reports of identity thieves gaining access to consumers’ digital credit and health accounts.

Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected. Again Kaspersky announced, Xafecopy's attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money.

Android users need to be extremely cautious in how they download apps and advised not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices and users must keep their OS and application software up-to-date.