MalwareBytes has identified a new malware strain that has affected 45,000 Android devices to date. The malware dubbed xHelper is seven months old and has already reached the MalwareBytes’ top 10 list of malware in the month of August. According to security researchers, this malware has one of the most efficient methods to disguise itself and evade any kind of antivirus.
Spread By Websites That Allow Sideloading Of Apps
Symantec revealed that Android malware is pushed by websites that allow users to sideload apps on their devices. Once a user installs an app from a third-party website, xHelper trojan is installed on the target’s smartphone.
After the installation, the trojan works by displaying frequent popups and notifications. As per the studies conducted by both Symantec and MalwareBytes, xHelper malware does not conduct any malicious activity that could lead to the loss of your personal data.
It encourages users to play online games and download other apps. The group behind the malware earns money through the clicks on advertisements and the installation of apps.
Cannot Be Removed Even After Factory Reset
One of the most intriguing thing about this malware is that bad actors behind it have ensured that it is nearly impossible to remove the malware from a smartphone. It uses encryption to obscure itself.
According to MalwareBytes, xHelper app comes in two variants — semi-stealth and full-stealth. In both the variants, no app icon is created which makes it even more difficult to spot it by normal users. No icon or shortcut means that you cannot uninstall the app causing the frequent notifications.
The only way to notice the malware is a notification icon that appears when the app is working in the semi-stealth mode. The full stealth mode doesn’t even show the notification which is the only means to spot it in your device.
xHelper has been coded to run automatically when certain actions like device boot up, network connection are evoked. Once it starts operating as the foreground service, the malware cannot be removed even if you remove the app that bundled the xHelper trojan.
Researchers at Symantec haven’t yet figured out how the malware manages to remain on the device even after a factory reset or a user decides to manually stop the service.
Avoid Sideloading apps
Since there is no method to remove the malware once it has affected your device, it is better to avoid websites that allow sideloading of apps. Also, keep an eye on the links you are redirected to while surfing the internet. Refrain from clicking on fishy popups to keep your device safe.