Xafecopy Trojan Malware (Removal Guide+Prevention Tips)

The following article is designed to help remove Xafecopy Trojan from Android devices. The instructions here are meant to work on all Android smartphones, tablets and hybrid laptop computers.

A new malicious program has been reported to be targeting Android device users as of this month and the perpetrator in question is called Xafecopy Trojan. But as new as this malware is, it’s really just as old. In fact, it’s among the older Android virus types, belonging to the so-called Ubsod family. Mainly targeting users in India, this virus has actually already managed to claim victims in as many as 47 countries so far and that number is still growing. Following closely in the number of affected devices are Russia and Mexico. If you, too, have found that your Android smartphone, tablet or hybrid laptop has been infected by Xafecopy Trojan, it’s important that you don’t panic and gain as much information about the situation as you possibly can. In this article we will aim to provide users with that information, as well as a removal guide to help fend off the infection. You will find the instructions attached to this article below, but before you begin to implement them, we do recommend you familiarize yourself with the info we’re about to share. By the very least, it will help you prevent future attacks of this and similar kinds.

What is Xafecopy Trojan? What does it do and how dangerous is it really?

We understand your mind must be racing with different questions. And to answer them, we’ll need to first explain exactly what the Ubsod malware family represents and what makes it different from other virus types. For starters, as we pointed out, this is an old type of malware that hasn’t been reported in quite some time. But evidently it’s making a comeback in that it uses WAP billing as a way to steal users’ money. WAP billing means that instead of requiring any payment details of yours, such as an e-wallet or credit/debit card number, the costs of whatever service or product you purchase are added to your phone bill. Normally, with legit applications, you will be redirected to a new page, where you can click on different additional services or products to activate a subscription. As a result, you will automatically be charged a certain monthly, weekly or yearly fee. Think back and chances are you have already managed to accidentally get yourself subscribed to a similar service and then finding out about it when your phone bill came.

The only difference with Xafecopy Trojan is that it doesn’t require you to click on anything at all – it does all that for you. Then, the hackers behind it can connect their site that’s being continuously clicked on by the virus to a WAP billing service. And as a result, your account is drained, with the money being transferred to the scammers’ accounts. On top of that, Xafecopy Trojan and others from the Ubsod family have been reported to disable the Wi-Fi on the victim’s device and enable the mobile data, hence being able to charge through mobile Internet.

The scary thing about this malware is that it is able to hide behind seemingly safe and legit Android apps, such as BatteryMaster, for example. Once on your device, it can then act as a backdoor and download the malicious code onto the said smartphone or tablet. Other apps that the Trojan masquerades as are usually other useful batter-optimizing applications. Some versions of Xafecopy have also been detected sending SMS to premium-rate phone numbers, which cost way more than the regular service. And to hide their activity, the Trojans are also capable of deleting SMS confirmations from the mobile network provider. Thus, the victims can remain oblivious to the infection and these services they never subscribed to.

The one possible way of preventing such attacks is being extremely careful with your download sources. Try to avoid third-party apps and their distributors and stick only to the Google Play store. And even then it would be wise to do some research on the app you’re interested in beforehand. Look it up, check user reviews and see if there’s anything suspicious that may tip you off about potential malware. In addition, be sure to have a reliable security suite running on your device at all times.

Xafecopy Trojan Malware Removal


Tap the settings button on your Android device. 



Navigate to the Apps drawer



Locate the app you want to have removed from your device.

Naturally, “Flashlight” is used just as an example. You should look for an app called BatteryMaster instead.

app info

In most cases you can click on the Uninstall button and be done with it. In rare occasions, however, the Malware may have managed to give itself administrator permissions and you’ll see that the Uninstall button is grayed out. In order to enable it you should leave the Apps folder and go to:

  • Settings -> Security -> Device Administrators

In there you will see a list of apps that have admin status within your system. They’ll probably be listed under the Android Device Manager. Remove the problematic App from this list. Now you should be able to remove it as normal.



It is possible that removing the culprit might not be enough. In this case you should consider installing additional software like Avast or Kaspersky for Android to help you deal with this issue.

Did we help you? A thank you in the comments goes a long way to warm our hearts!

Leave a Comment