It’s no secret that Android devices are vulnerable to powerful malware and similar malicious programs. Generally, malware is removed once the device is returned to factory settings with a factory reset. However, that is not the case for this malware. It is xHelper, malware that was first discovered around last March. Its spread is quite aggressive. As of this month, 45,000 mobile phones have been infected.
According to Symantec, this powerful malware can attack 131 handsets every day. xHelper displays pop-up ads on victims’ devices to bring in money for its creators. The malware also directs the victim’s phone to the Google Play Store, then tries to persuade the victim to install a premium website service. The goal is none other than to fill the coffers of the bad actor who created xHelper through commissions. One unique thing about xHelper is that it does not disappear even if the victim wipes the device memory with a factory reset. In fact, victims reported that xHelper was able to reinstall itself even after a manual uninstall and even with “install apps from unknown sources” turned off, which should have blocked the installation of the malware.
In fact, Symantec and another security company, Malwarebytes, say that xHelper does not tamper with the Android OS or system apps. Both were confused by malware that seemed immune to a factory reset.
Some victims who vented on online forums such as Reddit claim to have gotten rid of xHelper through paid antivirus services. However, the results were inconsistent, because other victims claimed to have been reinfected while using the same antivirus. Symantec said the actors who created xHelper constantly update their malware to avoid antivirus detection. That’s why an antivirus may catch xHelper at one time but fail when it comes to a new version of the malware. Symantec and Malwarebytes also warn that xHelper poses one other potential danger beyond advertising. The malware can download additional applications, so it has the potential to be a “gateway” for other malicious programs such as ransomware.
While antivirus makers are still trying to find a way to break xHelper’s persistence, the best way for Android users to protect themselves from this seemingly invulnerable malware is probably to take precautions so that the device does not become infected in the first place. xHelper usually hides in app code on non-Google sites that host Android apps and provide instructions on how to install apps from sources other than the Google Play Store (sideloading). Once an application from such a site is installed, xHelper gets in as well. Therefore, it’s best to avoid sideloading apps from dubious sites or sources.