A new piece of malware named xHelper has recently started infecting Android devices at a rapid pace. Worse, it is not removed by a factory reset: once an Android device is infected with xHelper, resetting the device does not get rid of it.
Reportedly, xHelper has infected as many as 45,000 devices so far. 131 new phones are getting infected daily, while xHelper is infecting 2,400 devices in a month. The worrisome part is that there is no established remedy [as of yet] for removing it, as it persists despite a factory reset. The malware has been active since March, but it has picked up the pace of infecting Android devices lately.
Tricks of xHelper and the way it penetrates
According to Malwarebytes, xHelper disguises itself as a regular app by spoofing legitimate apps' package names. Once it is on your device, you are infected with one of two versions.
The semi-stealth version displays no app or shortcut icons. Instead, it conspicuously drops an xHelper icon in the notifications. The full-stealth version, on the other hand, cannot be noticed until you visit Settings > Apps & notifications > App Info and scroll down to see the installed ‘xHelper’ app.
A significant aspect of xHelper is that it is not dangerous malware. That is, it doesn’t record anyone’s credit history, passwords or credit card data [as of now]. Instead, it bombards Android devices with pop-up ads and frustrating notifications that entice the user to install more apps from the Google Play Store, which apparently helps xHelper’s creators make money.
Another downside of this malware is that it can allegedly install apps on behalf of users, as reported by ZDNet. That does not appear to be happening at present; however, if and when it happens to anybody, it would create some chaos, keeping in mind the malware’s shadowy capability.
How to remove malware from an infected device?
Once the app is installed on a device, it cannot be uninstalled. Even Malwarebytes and Symantec couldn’t provide any solid way of getting rid of this malware. How xHelper manages to survive even a factory reset is beyond everyone. Symantec comments:
“None of the samples we analyzed were available on the Google Play Store, and while it is possible that the Xhelper malware is downloaded by users from unknown sources, we believe that may not be the only channel of distribution.
From our telemetry, we have seen these apps installed more frequently on certain phone brands, which leads us to believe that the attackers may be focusing on specific brands. However, we believe it to be unlikely that Xhelper comes preinstalled on devices given that these apps don’t have any indication of being system apps. In addition, numerous users have been complaining on forums about the persistent presence of this malware on their devices, despite performing factory resets and manually uninstalling it. Since it is unlikely that the apps are systems apps, this suggests that another malicious system app is persistently downloading the malware, which is something we are currently investigating (keep an eye on the Threat Intelligence blog for more on this)”
Therefore, it is advisable to avoid free antivirus apps for now. The least you could do, if your device is affected, is pay for an antivirus app and subscribe to it. It is hoped that in time someone, maybe Google, will take the lead and post a remedy for getting rid of the malware.
How to stay protected from xHelper malware?
This is how you can avoid [but not limited to] getting hit with xHelper or similar kinds of malware:
- Be watchful of your browsing practices
- Be wary of getting redirected to scammy sites
- Avoid installing apps through an advert
- Install apps only from Google Play Store
- Do not share your private information on apps you don’t trust
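To check the "only from Google Play Store" advice against what is actually on a device, the following added example (not from the original article, Malwarebytes or Symantec) lists third-party packages whose recorded installer is not the Play Store. It assumes `adb` with USB debugging authorised for live use; the listing embedded in it is constructed, and a non-Play installer is a lead for manual review, not proof of infection.

```shell
#!/bin/sh
# Added example: audit third-party packages by install source.
# xHelper spoofs legitimate package names, so the name alone is not a
# reliable signal; the recorded installer is a more useful lead.
#
# Live usage (assumes adb is installed and USB debugging is authorised):
#   adb shell pm list packages -3 -i | flag_non_play

PLAY_INSTALLER="com.android.vending"   # package name of Google Play Store

# Reads `pm list packages -3 -i` output on stdin and prints one line per
# package that was NOT installed by the Play Store: "<package> <installer>".
flag_non_play() {
    tr -d '\r' | awk -v play="$PLAY_INSTALLER" '
        /^package:/ {
            pkg = $1
            sub(/^package:/, "", pkg)
            inst = "unknown"            # no installer field on the line
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) {
                    inst = $i
                    sub(/^installer=/, "", inst)
                }
            if (inst != play) print pkg, inst
        }'
}

# Constructed sample listing (hypothetical package names, not real IoCs).
sample_listing() {
cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.cleaner.helper  installer=null
package:com.example.flashlight  installer=com.example.thirdpartystore
EOF
}

# Demo run on the constructed sample.
sample_listing | flag_non_play
```

An installer of `null` typically means the package was sideloaded, so those entries are the first to compare against the Settings > Apps & notifications > App Info list.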