This New Android Malware Could Survive a Factory Reset

Here’s what’s interesting: new Android malware is emerging that is not only annoying – thanks, pop-up ads – but also incredibly difficult to remove from your Android device after being infected.

While this relatively new “xHelper” malware has so far affected a small number of Android users (about 45,000, Symantec estimates), the fact that no one has clear recommendations on how to remove it is worrying. The chances are good that you won’t run into this malware, given its low installation count so far – even though it has been active since March – but you should still know what it does and, hopefully, how to avoid it.

As Malwarebytes describes, xHelper starts by disguising itself as a normal application, spoofing the package names of legitimate applications. Once it is on your device, you are stuck with either a “semi-stealth” version, where an xHelper icon appears explicitly in your notifications but there are no app icons or shortcuts, or a “completely hidden” version that you only notice if you go to Settings > Apps & Notifications > App Info (or the equivalent path on your specific Android device) and scroll down to find the ‘xHelper’ app installed.

What does xHelper do?

Fortunately, xHelper is not malware in the sense of logging your passwords, credit card details, or anything else you do on your device and sending them to an unknown attacker. Instead, it just serves you pop-up advertisements and annoying notifications that all try to get you to install more apps from Google Play – presumably how the authors of xHelper make money from the malware.

The dark side, as reported by ZDNet, is that xHelper can supposedly download and install applications on your behalf. That doesn’t appear to be happening at the moment, but if it does – coupled with the app’s mysterious ability to persist through deletion and factory resets – it will be a huge backdoor for anyone affected by the malware.

Wait, I can’t delete it?

Yeah. This is the tricky part of xHelper. Neither Symantec nor Malwarebytes have good guidelines for removing this malware from your device once it is installed, as the mechanisms it uses to persist after a hard reset of your device are unknown. As Symantec describes:

“None of the samples we analyzed were available in the Google Play store, and while it is possible that Xhelper malware is downloaded by users from unknown sources, we believe that this is not the only distribution channel.

Based on our telemetry, we can see that these apps were installed more frequently on certain brands of phones, which suggests that attackers might be targeting specific brands. However, we find it unlikely that Xhelper will be preinstalled on devices since these apps have no indication that they are system apps. In addition, many users have complained in forums about the persistent presence of this malware on their devices, despite performing a factory reset and manually removing it. Since these applications are unlikely to be system applications, this suggests that another malicious system application is constantly downloading the malware, which we are currently investigating (follow the Threat Intelligence blog to learn more).”

So…

If you think you are infected with xHelper, you can try installing some standard anti-virus applications on your Android device. They might be able to help, but I would err on the side of free antivirus apps, otherwise you may find yourself paying a ton of money for an app (or subscription) that doesn’t really help you at all. That is how unusual the xHelper malware is.

I am completely confident that someone – Google itself or one of the major antivirus players – will find a way to thwart and remove this malware, but it will take some time to get to that solution. Until then…

How to avoid getting hit by xHelper in the first place

For now, the best thing you can do to prevent this type of malware infection is to be mindful of your web browsing habits. Make sure you are not being redirected to fraudulent websites that encourage you to download unknown apps, or apps that merely appear to be safe, onto your device. If in doubt, only install apps from the Google Play store. Do not sideload apps, that is, do not download and install them manually on the device, unless you really know what you are doing, completely trust the app developer, and trust that the app you are downloading actually comes from the developer it claims to come from. (While that won’t protect you one hundred percent of the time, sticking to the Google Play Store is much safer than downloading random .APKs from websites you don’t know.)
