A new piece of malware that has been on the loose for the past few months is making Android phone users go nuts and leaving security researchers banging their heads for a solution. Spoiler alert: you can't uninstall this malware, even if you restore factory settings!
Symantec says the malware, dubbed xHelper, has infected at least 45,000 Android devices, with infections increasing by the day.
xHelper is said to be distributed via websites that encourage users to sideload apps onto their devices from sources other than the Google Play Store. Once these Android apps are installed, they in turn install the xHelper Trojan onto the victim's device.
After installation, the xHelper app will then spam the device with notifications and pop-up ads, encouraging users to download other apps or play online games, which generates revenue per install for the group behind it.
However, what's interesting isn't the pop-up ads but how the developers ensured that the app can't be removed from the victim's device. The app operates silently, using encryption to mask its installation and so hide it from detection.
According to Malwarebytes, this malicious app comes in two variants: semi-stealth and full-stealth. In both configurations, the app doesn't create an app icon or a shortcut icon, so users won't notice it and won't be able to uninstall it either. The only way a regular Android user would notice the presence of the malware is via the xHelper notification icon, and this is available only in the app's semi-stealth variant. The full-stealth configuration doesn't have that.
xHelper is designed to run automatically as a foreground service based on various triggers, including booting your device and plugging it in to charge or disconnecting it. Trying to get rid of xHelper by deleting the app(s) that installed it on your device won't work, and it doesn't stop there; it only gets more interesting.
xHelper, as the name states, will remain on your device and 'help' spam and serve ads to you whether you like it or not! Tried to manually force stop the service? xHelper will restore it. How about completely removing the service? Well, xHelper will magically reappear on your phone!
OK, I believe the last thought on your mind would be to factory reset your device, right? Well, don't even bother, because xHelper will be there waiting for you the moment your device comes on! Yes, that's how annoying and persistent the malware is.
So far, security researchers at Symantec have been unable to decipher the mechanism through which the app is able to resurrect itself from the dead. The only advice here is to avoid sideloading apps from outside the Play Store.
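The traits described above (no launcher icon, a background service, start-up on boot and on charger events) can be checked for when triaging a sideloaded app. This is an added example, not code from Symantec or Malwarebytes: it assumes the app's `AndroidManifest.xml` has already been decoded to text XML, the function names and both sample manifests are constructed for illustration, and legitimate apps can match the same pattern, so a hit is a reason to look closer rather than a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
LAUNCHER = "android.intent.category.LAUNCHER"
# Broadcasts matching the triggers the article lists: boot, charger plugged in, charger unplugged.
TRIGGERS = {"android.intent.action.BOOT_COMPLETED",
            "android.intent.action.ACTION_POWER_CONNECTED",
            "android.intent.action.ACTION_POWER_DISCONNECTED"}

def _names(parent, tag):
    return {e.get(ANDROID + "name") for e in parent.iterfind(tag)}

def triage_manifest(manifest_xml):
    """Report the no-icon / auto-start traits found in a decoded manifest (hypothetical helper)."""
    root = ET.fromstring(manifest_xml)
    has_icon, has_service, triggers = False, False, set()
    for comp in root.iterfind("application/*"):
        if comp.tag == "service":
            has_service = True
        for flt in comp.iterfind("intent-filter"):
            if comp.tag in ("activity", "activity-alias") and LAUNCHER in _names(flt, "category"):
                has_icon = True          # the app would show up in the launcher
            if comp.tag == "receiver":
                triggers |= _names(flt, "action") & TRIGGERS
    return {"package": root.get("package"), "launcher_icon": has_icon,
            "triggers": sorted(triggers), "flag": has_service and not has_icon and bool(triggers)}

# Constructed manifest: a service, a boot/charger receiver and no launcher activity.
HIDDEN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.hidden">
  <application>
    <service android:name=".CoreService"/>
    <receiver android:name=".StartReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
# Constructed manifest: the same components plus an ordinary launcher activity.
NORMAL = HIDDEN.replace("hidden", "normal").replace("<application>", """<application>
    <activity android:name=".Main"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter></activity>""")

if __name__ == "__main__":
    for manifest in (HIDDEN, NORMAL):
        print(triage_manifest(manifest))
```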