A mysterious mobile malware has infected over 45,000 Android devices in the past six months.
The malware, called xHelper, is unremovable and capable of reinstalling itself even after being manually removed. It hides from users, downloads additional malicious apps, and displays advertisements.
This malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August. It has since shot up to the top 10 list of most detected mobile malware.
“In the past month alone, there was an average of 131 devices infected each day, and an average of 2,400 devices persistently infected throughout the month,” Symantec said.
The most affected users are in India, the US, and Russia. Users have complained about random popup advertisements and about how the malware keeps showing up even after they uninstall it.
Researchers say that the source of the infection is “web redirects” that send users to web pages hosting Android apps. Although the trojan doesn’t carry out destructive operations, it is a means through which the xHelper gang is making money from pay-per-install commissions.
Once the trojan gains access to an Android device via an initial app, xHelper installs itself as a separate self-standing service.
Uninstalling the original app won’t remove xHelper, and the trojan will continue to live on users’ devices, showing popups and notification spam. It does not create a shortcut icon on the home screen, which means the malware cannot be launched manually. The only indicator is a listing in the app info section of the infected phone’s settings.
It remains a mystery how the malware survives factory resets.
Some users were able to remove the malware using paid versions of mobile antivirus solutions. But the trojan is constantly evolving, which means the antivirus solutions fail to remove later versions of xHelper.
To safeguard your devices from such attacks, it’s always recommended that you keep devices and apps up to date, stick to the Google Play Store for downloading apps, and be extremely cautious of the mobile websites you visit.