A new piece of Android malware has been spotted by Symantec researchers. Called Xhelper, this dangerous Trojan is impossible to remove. Once removed, the malware can reinstall itself without your knowledge. In the last six months, it has infected 45,000 Android smartphones through alternative app stores.
A malware called Xhelper appeared on Android last March, reports Symantec in a report published on October 29, 2019. According to the researchers, the malicious software is infecting an average of 131 Android smartphones per day, or 2,400 new victims per month. A few months ago, Xhelper had already been spotted by Malwarebytes, another firm dedicated to cybersecurity. Since then, the number of victims has been growing at a worrying rate. The malware mostly targets users residing in India, the United States and Russia.
This malware displays intrusive ads on your Android smartphone
So far, Symantec has found no trace of the malware on the Google Play Store. The malware evidently manages to infiltrate its victims' smartphones via alternative app stores or bribes. Xhelper is promoted by many websites offering downloads of alternative versions of popular applications without going through the Google store.
Once such an application is installed on your smartphone, a line of code automatically downloads the Trojan from a remote server. Xhelper then displays intrusive ads on the screen of your phone. This method allows the hackers to quickly generate significant advertising revenue. Most of the ads promote apps available on the Play Store, notes Symantec.
To prevent users from linking the intrusive ads to the installed application, Xhelper removes the shortcut icon from your home screen. Likewise, the application is not visible in the launcher. To find a trace of it, you have to go to the list of installed applications in your smartphone's settings.
Android: Xhelper malware is impossible to remove from your smartphone
So far, Xhelper works like most adware detected this year. But it goes further than the usual malware. Once removed from your smartphone, it manages to reinstall itself automatically. Even if you completely reset your smartphone to its factory settings, Xhelper will still work. The same is true if you block the installation of applications from unknown sources.
Xhelper does not have an interface and runs as a basic service, which is why it is almost impossible to uninstall. Symantec and Malwarebytes have not been able to work out how the hackers achieved this result. Evidently, most Android antivirus apps are also powerless against Xhelper. According to Symantec, the hackers behind the operation are deploying updates almost constantly to change the malware's code. Xhelper continues to evolve and become more and more dangerous.
This is not the first time that Android users have been targeted by particularly stubborn malware. In 2013, researchers at Kaspersky Labs discovered similar malware that could fool all the antivirus products on the market. Two years later, Lookout experts discovered a similar virus hidden in the code of 20,000 modified versions of popular applications like Facebook, Candy Crush, Snapchat, Twitter or WhatsApp.
To avoid getting infected, Symantec urges Android users to keep their smartphone software up to date, not to download apps from outside the Play Store, and to remain attentive to the permissions requested by each application. Have you ever installed malware that cannot be removed from your phone? Tell us about it in the comments.