Android devices have become increasingly secure over the years, but one fact remains: if you decide to install 3rd-party apps, you’re playing with fire. The xHelper malware is infecting Android devices that have installed 3rd-party apps, and the malware is not removable.
There is a reason Google and others recommend you stay away from 3rd-party apps on your Android devices. These types of apps are not vetted or reviewed by Google and can contain a lot of bad things, ranging from software that could steal your personal information to software that serves bad ads and notifications.
For the past six months, the xHelper malware strain has been showing up across some users’ Android devices. This new malware strain has a self-reinstall protocol that makes it nearly impossible to remove. According to Malwarebytes, the xHelper malware was discovered in March and has been spreading to more devices. This new malware is said to be infecting up to 131 new victims a day.
According to Malwarebytes, the source of these infections is “web redirects” that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. The code hidden in these apps downloads the xHelper trojan.
The good news is that the trojan doesn’t carry out destructive operations. According to both Malwarebytes and Symantec, for most of its operational lifespan, the trojan has shown intrusive popup ads and notification spam. The ads and notifications redirect users to the Play Store, where victims are asked to install other apps — a means through which the xHelper malware gang is making money from pay-per-install commissions. (Source: ZDNet)
According to ZDNet, the xHelper malware installs itself as a separate, self-standing service, which means that even uninstalling the original app from an Android device will not remove it. Even performing a factory reset will not remove the trojan, as it reinstalls itself every time.
Some users reported having success with some paid versions of mobile antivirus solutions, but others did not.
In a blog post published today, Symantec said the trojan is in a constant evolution, with new code updates being shipped out on a regular basis, explaining why some antivirus solutions manage to remove xHelper malware in some instances, but not later versions.
There appears to be a battle between the xHelper crew and mobile antivirus solutions, with each one trying to get the better of the other. (Source: ZDNet)
The good news is that if you’re the type to never install 3rd-party apps on your Android devices, you should be safe from the xHelper malware.