Android: an impossible to remove malware infects 45,000 smartphones


Android

A malware called Xhelper has appeared on Android last March, reports Symantec in a report published on October 29, 2019. According to the researchers, malicious software is affecting an average of 131 Android smartphones per day, or 2,400 new victims per month. A few months ago, Xhelper had already been spotted by MalwareBytes, another firm dedicated to cybersecurity. Since the number of victims is progressing worryingly. The malware targets mostly resident users in India, the United States and Russia.

This malware displays intrusive ads on Android smartphones

So far, Symantec has found no trace of the malware on the Google Play Store. The malware obviously manages to infiltrate the smartphone of its victims via alternative app stores. Xhelper is also put forward by many websites offering to download alternative versions of popular applications without going through the Google store.

Once installed on your smartphone, a line of code will automatically download the Trojan via a remote server. Xhelper will then display intrusive ads on your phone screen. This method allows hackers to quickly generate significant advertising revenue. Most ads promote apps available on the Play Store, notes Symantec.

To prevent users from linking intrusive ads to the installed application, Xhelper will remove the shortcut icon on your home screen. Likewise, the application will not be visible in the launcher. To find a trace of it, you will have to go to the list of applications installed in the settings of your smartphone.

Android

Gizchina News of the week


Android: Xhelper malware is impossible to remove from your smartphone

So far, Xhelper works like most adware detected this year. But the malware goes even further than the usual malware. Once deleted from your smartphone, it will manage to reinstall itself automatically. Even if you completely reset your smartphone to its factory settings, Xhelper will still work. Same story if you forbid the installation of applications from unknown sources.

Read Also:  Honor X60 Leak: Specs, Design, and Surprises Ahead

Xhelper does not have an interface and works just like a basic service, which is why it is almost impossible to uninstall. Symantec and Malwarebytes failed to understand how the hackers came to this result. Obviously, most Android antivirus is also powerless in front of Xhelper. According to Symantec, the hackers behind the operation are deploying updates almost constantly to change the malware code.

Xhelper continues to evolve and become more and more dangerous.

This is not the first time that Android users are targeted by a particularly stubborn malware. In 2013, researchers at Kaspersky Labs discovered a similar malware that can fool all the antivirus on the market. Two years later, Lookout experts discovered a similar virus hidden in the code of 20,000 modified versions of popular applications like Facebook, Candy Crush, Snapchat, Twitter or WhatsApp.

To avoid this problems, Symantec urges Android users to keep their smartphone software up-to-date, not to download apps outside of the Play Store, and to stay alert to the permissions each app requires.

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Source/VIA :
Previous Replacing an AirPods Pro will cost $89 per earbud
Next Android 11: Google is working on the wireless ADB function

1 Comment

  1. Aryan Jaipaul
    October 30, 2019

    Hmm, this is all too interesting, maybe they can find a way to pause API as that’s the only way software can be installed on Android phones, then from there try to find where it’s hiding, maybe in the somehow in the root folder that you can’t read with the default file manager? Idk I know nothing about android 😂

    Edit: I lied, from what I remember, software updates can add new software without going through package installer.