Updated October 30th, 2019 at 16:03 IST

Xhelper malware infects 45,000 devices over the past 6 months

Dubbed Xhelper, this 'persistent' malware app has reportedly infected more than 45,000 devices and if you are not careful enough, you could be its next target.

Reported by: Tanmay Patange
| Image:self
Advertisement

A new dangerous malware app is at large for Android users. Dubbed Xhelper, this 'persistent' malware app has reportedly infected more than 45,000 devices and if you are not careful enough, you could be its next target. This malware app is a troublemaker for a few reasons: First up, it won't completely go away because every time you uninstall it, it somehow finds its way back into your phone. And no, performing a factory reset on your phone is not going to help you either. Secondly, this app won't even show up in your phone's system launcher, let alone worry about being unable to uninstall it. If that wasn't enough, it causes more damage by inviting other threats and displays unwanted ads. Over the past six months, many users have complained about these problems online, primarily about random pop-up ads and how the app just won't leave them alone.

Xhelper malware on the rise

READ | Malware attacks on IoT-enabled devices are on the rise: Kaspersky

You would be wrong if you expect Xhelper to provide a regular user interface (UI) like other applications. As researchers explain, it won't show up in your phone's application launcher because it is an application component, which allows it to stay low and carry malicious activities undercover. It cannot be triggered manually either. It is programmed such a way that it can only be triggered when you reboot your device, power is connected/disconnected, some app is installed/uninstalled, etc. Once launched, Xhelper can register itself as a foreground service, further reducing the chances of being killed when memory is low. If it is stopped somehow, it is also capable of restarting its service. Once activated, it executes core malicious functionality by decrypting the malicious payload to memory which then connects to the attacker’s command and control server and awaits command.

"None of the samples we analyzed were available on the Google Play Store, and while it is possible that the Xhelper malware is downloaded by users from unknown sources, we believe that may not be the only channel of distribution," Symantec said.

45,000 devices infected

-- Researchers say at least 45,000 devices have been impacted by the Xhelper malware.

-- In September alone, there was an average of 131 devices infected each day.

-- Last month, an average of 2,400 devices persistently infected.

-- Xhelper malware mostly affects users in India, the U.S. and Russia.

Advertisement

Published October 30th, 2019 at 15:23 IST