A malware called Xhelper has appeared on Android last March, reports Symantec in a report published on October 29, 2019. According to the researchers, malicious software is affecting an average of 131 Android smartphones per day, or 2,400 new victims per month. A few months ago, Xhelper had already been spotted by MalwareBytes, another firm dedicated to cybersecurity. Since the number of victims is progressing worryingly. The malware targets mostly resident users in India, the United States and Russia.
This malware displays intrusive ads on Android smartphones
So far, Symantec has found no trace of the malware on the Google Play Store. The malware obviously manages to infiltrate the smartphone of its victims via alternative app stores. Xhelper is also put forward by many websites offering to download alternative versions of popular applications without going through the Google store.
Once installed on your smartphone, a line of code will automatically download the Trojan via a remote server. Xhelper will then display intrusive ads on your phone screen. This method allows hackers to quickly generate significant advertising revenue. Most ads promote apps available on the Play Store, notes Symantec.
To prevent users from linking intrusive ads to the installed application, Xhelper will remove the shortcut icon on your home screen. Likewise, the application will not be visible in the launcher. To find a trace of it, you will have to go to the list of applications installed in the settings of your smartphone.
Android: Xhelper malware is impossible to remove from your smartphone
So far, Xhelper works like most adware detected this year. But the malware goes even further than the usual malware. Once deleted from your smartphone, it will manage to reinstall itself automatically. Even if you completely reset your smartphone to its factory settings, Xhelper will still work. Same story if you forbid the installation of applications from unknown sources.
Xhelper does not have an interface and works just like a basic service, which is why it is almost impossible to uninstall. Symantec and Malwarebytes failed to understand how the hackers came to this result. Obviously, most Android antivirus is also powerless in front of Xhelper. According to Symantec, the hackers behind the operation are deploying updates almost constantly to change the malware code.
Xhelper continues to evolve and become more and more dangerous.
This is not the first time that Android users are targeted by a particularly stubborn malware. In 2013, researchers at Kaspersky Labs discovered a similar malware that can fool all the antivirus on the market. Two years later, Lookout experts discovered a similar virus hidden in the code of 20,000 modified versions of popular applications like Facebook, Candy Crush, Snapchat, Twitter or WhatsApp.
To avoid this problems, Symantec urges Android users to keep their smartphone software up-to-date, not to download apps outside of the Play Store, and to stay alert to the permissions each app requires.