xHelper – the Trojan that’s nearly impossible to remove

Last year, a particularly persistent piece of malware was discovered attacking Android-based devices: the now infamous xHelper Trojan, which is nearly impossible to remove from a device. As of March 2020, xHelper has infected over 55,000 phones around the world and the attacks continue.

After xHelper is installed, it downloads a series of other malicious files, including one known as Triada, which provides root access on the device. This is what makes xHelper particularly difficult to remove: the malware module installed in the system folder simply reinstalls the deleted applications. In addition, all the files the malware copies to the phone’s folders are designated “immutable”, meaning not even superusers can delete them.
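For responders checking a device for the immutable-file behaviour described above, the following added example (not code from Kaspersky or from the original article) parses captured `lsattr -R` output and lists files under the system folder that carry the immutable (`i`) attribute. It assumes e2fsprogs-style `lsattr` output; the sample listing and every path in it are constructed placeholders, not xHelper indicators.

```python
import re

# Constructed sample of `lsattr -R` output. Paths are placeholders, not IoCs.
SAMPLE_LSATTR = """\
/system/bin:
-------------e----- /system/bin/sh
----i--------e----- /system/bin/placeholder_dropper

/system/xbin:
----i--------e----- /system/xbin/placeholder helper
-----a-------e----- /system/xbin/append_only.log
lsattr: Operation not supported While reading flags on /system/xbin/link
----i--------e----- /data/local/tmp/outside_scope
"""

# An entry is an attribute field (flag letters and dashes), whitespace, then
# an absolute path. Directory headers and error lines do not match.
ENTRY = re.compile(r"^([A-Za-z-]{4,})\s+(/.*)$")


def immutable_files(lsattr_output, roots=("/system/",)):
    """Return paths under `roots` whose attribute field has the 'i' flag set.

    Lowercase 'i' is the immutable attribute; uppercase 'I' (indexed
    directory) is a different flag and is deliberately not matched.
    """
    hits = []
    for line in lsattr_output.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # directory header, blank line, or lsattr error message
        flags, path = match.groups()
        if "i" in flags and path.startswith(tuple(roots)):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path in immutable_files(SAMPLE_LSATTR):
        print("immutable:", path)
```

Immutable files are rare on a stock system partition, so any hit is worth comparing against the factory image for that device model.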

Igor Golovin, Malware Analyst at Kaspersky, said: “xHelper is particularly dangerous because it creates a backdoor that the attackers can use to execute commands as if they’re a superuser, as well as gain access to all app data. A similar backdoor can then be used by other malware, like CookieThief, to attack the same device. Since xHelper is nearly impossible to remove, it’s important that Android users stay vigilant about what they’re downloading on their phone and always use a strong mobile security software. The good news – if you are downloading apps from official stores, chances of encountering this malware are very, very low.”
