A new piece of Android malware has made the news after taking thousands of devices by storm. According to researchers, the new xHelper malware presently seems undefeatable.
New xHelper Malware Targets Android
Researchers from Symantec have shed light on a new malware that is already prevalent on Android devices. The malware, dubbed ‘xHelper’, is actively exploiting thousands of Android phones.
As elaborated in their blog post, the malware has been around for almost 6 months. It continued to stay under the radar until some users posted about xHelper infections on various online platforms, such as Google and Reddit.
In brief, xHelper is a persistent menace on target devices. It reaches the device as an application component and avoids being listed in the Application Manager. Furthermore, it has no app icon. Therefore, users do not even notice the infection until the malware executes on their devices.
Once installed on a device, the xHelper app starts listening for external events, such as a phone reboot or internet connectivity. It also establishes itself as a foreground service on the device, and it keeps restarting that service whenever it is stopped for any reason, such as a manual action or loss of internet connectivity.
The malicious APK includes a payload that unpacks itself and connects to the C&C server to receive commands. The connection uses SSL certificate pinning to prevent interception.
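The traits described above (no launcher icon, reacting to reboot and connectivity events, running a foreground service) can be checked for in an app's decoded AndroidManifest.xml. The following is an added triage example, not code from Symantec or Malwarebytes; the mapping of those traits to the standard Android manifest entries used here is an assumption, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: the "external events" in the article map to these standard broadcasts.
TRIGGERS = {"android.intent.action.BOOT_COMPLETED",
            "android.net.conn.CONNECTIVITY_CHANGE"}
FGS_PERMISSION = "android.permission.FOREGROUND_SERVICE"  # required from Android 9 on

# Constructed sample manifest (decoded XML form), not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hidden">
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application>
    <service android:name=".CoreService"/>
    <receiver android:name=".EventReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return the stealth/persistence traits found in a decoded manifest."""
    root = ET.fromstring(xml_text)

    def names(path):
        return {e.get(ANDROID + "name") for e in root.iterfind(path)}

    findings = []
    # Trait 1: no activity declares the LAUNCHER category, so no icon is shown.
    categories = (names("application/activity/intent-filter/category")
                  | names("application/activity-alias/intent-filter/category"))
    if "android.intent.category.LAUNCHER" not in categories:
        findings.append("no-launcher-icon")
    # Trait 2: a receiver is woken by reboot or connectivity broadcasts.
    hooked = names("application/receiver/intent-filter/action") & TRIGGERS
    if hooked:
        findings.append("event-receiver:" + ",".join(sorted(hooked)))
    # Trait 3: a service is declared and foreground-service permission is requested.
    if (root.find("application/service") is not None
            and FGS_PERMISSION in names("uses-permission")):
        findings.append("foreground-service")
    return findings

def is_suspicious(xml_text):
    # Each trait alone is common in legitimate apps; flag only the combination.
    return len(triage_manifest(xml_text)) == 3
```

A match is a reason to look closer at the package, not proof of infection.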
In most cases, xHelper does not exhibit any destructive activity. Rather, it shows invasive adverts and spam notifications.
A few months ago, Malwarebytes also analyzed xHelper and described two distinct types of xHelper infection. They called them ‘full-stealth’ (with no app, notification, or shortcut icons) and ‘semi-stealth’ (showing xHelper icons in notifications). In their analysis, they detected nearly 33,000 infections.
However, Symantec has now detected around 45,000 infected devices, with the malware primarily targeting users in India, Russia, and the USA.
xHelper Defeats All Virus Removal Tricks
What makes xHelper distinct from other Android malware is that it presently seems undefeatable. Initially, it remained undetected by a majority of Android antimalware apps. Later, even when some apps started detecting the virus, they still could not remove the malware.
At first, scanning the device may lead a user to believe that xHelper has been removed. But the malware keeps reinstalling itself on the device after every so-called removal.
Neither factory resetting the device nor manual removal eliminates xHelper from the device. Furthermore, the researchers have also noticed the constant evolution of xHelper's code to evade detection strategies. The latest code has many more functionalities that did not exist in the past, and it still shows signs that hint at more changes in the future.
Until now, there seems to be no specific source of download for xHelper. Therefore, the only viable option for users to prevent an xHelper attack on their devices is to remain careful about the apps they install. Moreover, users should also keep their devices loaded with robust antimalware apps.
If you have encountered an xHelper infection on your device, or know of any xHelper victims, then do share your thoughts with us.