Data Security

Thousands of Android devices infected with unremovable xHelper malware

Amongst the various reasons out there to buy an iPhone, one of them is definitely going to be clear after this article. In the latest, another malware named xHelper is on the rise of infecting Android based devices, a number staggering over 45,000.

Symantec which happens to be one of the initial discoverers has reported that “In the past month alone, there was an average of 131 devices infected each day, and an average of 2,400 devices persistently infected throughout the month.”

Users on Reddit seen complaining, the malware itself dates more than 6 months back.

More Reddit users complaining about xHelper malware

How it has managed to wreak such havoc is no surprise. A native functionality of Android OS allows one to install APK packages from third-party websites instead of the official Google Play Store, a process known as sideloading. Exploiting this, the attackers infect the user with the trojan when they install an app this way.

Once done, you’ll be greeted with popups and other notifications prompting you to take certain actions such as downloading other apps. The motive behind this would clearly be a monetization opportunity for the attackers which also happens to be somewhat comforting as your data is not being compromised.

Yet, there’s more to it. According to Symantec, the malware’s code has evolved since March earlier this year increasing its functionality which could soon evolve into serious security problems for users. To add to this, the firm states in its blog post that.

We spotted many classes and constant variables labeled as ‘Jio’. These classes are unimplemented for now but we suspect that the attackers may be planning to target Jio users at a future date.

For the unacquainted, Jio is India’s largest 4G network provider boasting over 30 million users – go figure!

A unique aspect that has been found associated with this malware is that it cannot be removed despite factory resetting a smartphone according to some cybersecurity researchers. Nope, nada, zilch. You’re stuck. The malware encrypts itself to achieve obscuration coupled with no app icon whatsoever making its uninstallation difficult as well.

This hideousness is found in both of its variants – the semi-stealth and fully-stealth one. Nonetheless, there is one vital difference. As pictured below, the semi-stealth mode does show you a notification with the malware’s name enabling you to detect its presence.

Image by Malwarebytes.

However, on the other hand, Malwarebytes claims that its Android app can remove the trojan which is worth trying albeit with a price tag attached. For the time being, we would recommend all Android users to refrain from sideloading apps and if one indeed wants to do so, at least do it from a reputable site known to keep user security in mind.

Furthermore, it is important to remember that anti-virus software is not only a PC exclusive phenomenon and it is wise that one installs them on their smartphones as well to scan any incoming files for malicious content. Plus, you may want to finally check out iPhones now.

Comments
To Top

Pin It on Pinterest

Share This