INDESTRUCTIBLE MALWARE XHELPER CONTINUES TO AFFECT ANDROID DEVICES

One of the biggest dangers for our smartphones, where we have a lot of personal information, is malware.

...

The worst of it is software like xHelper, which cannot be removed even when factory settings are restored.

The malware, which was detected in March 2019, had first appeared in the Google Play Store. Since October, the number of devices affected by xHelper has increased from 45 thousand to 50 thousand.

Malware that cannot be deleted: xHelper

Kaspersky's team analyzed xHelper, which it also refers to as "Trojan-Dropper.AndroidOS.Helper.h" and which spreads through apps that claim to clean up your device or improve its performance. When you download the software to your device, install it and then run it, it downloads another piece of malware called "Trojan-Downloader.AndroidOS.Leech.p".

But things don't end here either. Leech.p then downloads "HEUR:Trojan.AndroidOS.Triada.dd" and allows root access to the device. This root access, Kaspersky says, can happen on cheap Chinese phones running Android 6 or Android 7. Thanks to the root access it gains, the software downloads more malware onto the system. The software then makes itself untouchable and cannot be deleted. This is why it is becoming more difficult for anti-virus programs to deal with.

Igor Golovin of Kaspersky notes that the software is getting stronger thanks to root access, and says “Triada has pretty good tricks, like re-performing system partitions to install its programs.” Here lies the reason why xHelper is described as ‘indestructible’. Even when some files are deleted, it can still retain the privileges needed to download the necessary components from the C&C server. The device can't get rid of this software even if it is restored to factory settings.

What makes all this a kind of stalemate is that many cheap Android devices ship with this malware already installed on their hardware. This allows xHelper and other malicious Trojans to be downloaded. Golovin says it doesn't make much sense to return to factory settings at this point. Golovin says that the only way to completely recover the infected device is to use alternative firmware, although some devices are not very well suited to this.
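A factory reset wipes the user data partition but leaves the system partition as it is, which is why software installed there survives it. The following is an added example, not code from Kaspersky or from the original article: it sorts a package listing (assumed to come from `adb shell pm list packages -f`) by whether a reset would remove each package, and all package names, paths and the stock baseline in it are constructed.

```python
# Added example: package names, paths and the baseline below are constructed.
# Read-only partitions that a factory reset does not wipe.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")

# Constructed sample of `adb shell pm list packages -f` output.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Cleaner/Cleaner.apk=com.example.cleaner
package:/data/app/~~Qx1==/com.example.game-Zz9==/base.apk=com.example.game
package:/system/priv-app/Phone/Phone.apk=com.android.phone
"""

# Hypothetical baseline: packages present in a known-good stock firmware image.
STOCK_BASELINE = {"com.android.settings", "com.android.phone"}


def parse_pm_list(output):
    """Yield (apk_path, package_name) from `pm list packages -f` lines."""
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Newer Android paths contain '=' themselves, so split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            yield path, name


def triage(output, baseline):
    """Classify packages by whether a factory reset would remove them."""
    report = {"removed_by_reset": [], "survives_stock": [],
              "survives_unexpected": []}
    for path, name in parse_pm_list(output):
        if not path.startswith(SYSTEM_PREFIXES):
            report["removed_by_reset"].append(name)      # lives under /data
        elif name in baseline:
            report["survives_stock"].append(name)        # expected system app
        else:
            report["survives_unexpected"].append(name)   # only reflashing removes it
    return report


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_PM_OUTPUT, STOCK_BASELINE).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The baseline has to come from a known-good firmware image rather than from the device itself, because a device that shipped with malware preinstalled would list it as stock.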

As a result, the only thing that can be done about this is to be more careful about the software you install on your device. Even though the Play Store has malware problems of its own, applications downloaded from third-party app stores or unknown sources increase the risk.

