No matter how destructive or invasive, Android malware can usually be removed from an infected device. But a new variant is causing problems for users.
Known as xHelper, this new malware is causing a number of problems – not least the fact that it cannot be easily uninstalled. Normally deleting affected apps is enough to stop the infection, but not so with xHelper. Researchers have found that the malware is able to reinstall itself on the phone within a few minutes.
In fact, xHelper is so persistent that it is able to reinstall itself even after the phone has been reset to factory defaults. Security experts are unsure exactly how the malware is able to recover after a full system wipe. Investigations are still underway, but it seems that once you’ve been infected by xHelper, there is no way to get rid of it again.
Things could be worse
Although no malware infection is ‘good’, xHelper could be a lot worse. xHelper simply displays unwanted popup ads and notifications – the hackers behind the malware make money from the advertisers sponsoring the ads.
At present xHelper is more of an annoyance than a security threat – but that could change. This particular malware variant is being constantly improved and refined by the hackers, for instance to make it even harder to remove. But they could also adjust the operations to steal sensitive personal data or payment card information.
Avoiding xHelper infections
Rather than trying to remove xHelper, you should concentrate on avoiding infection in the first place. The good news is that xHelper isn’t easy to catch if you are careful – there are thought to be fewer than 50,000 infections across the world (although the rate of infection is rising steadily).
xHelper infections rely on ‘side loading’ – downloading and installing apps from third party websites. The xHelper trojan is embedded in these apps, infecting Android smartphones during installation.
To avoid xHelper (and other Android malware), you should only install apps from the Google Play store where every download has been checked for the presence of malware. There is no evidence that xHelper has infected any of the apps available from Google Play.
You can make this process even easier by setting your phone to prevent downloads from unsafe websites. Find out more in our handy guide, How to download apps safely.
Second, make sure that you have a mobile antimalware app installed on your smartphones and tablets. Android antivirus tools may not be able to remove xHelper yet, but they can help ensure your phone is set up to prevent it from being installed in the first place – you can learn more about Panda’s free Antivirus for Android.
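If you are comfortable connecting the phone to a computer with adb, you can also check which installed apps were side loaded. The script below is an added example, not part of the original article: it filters the output of `pm list packages -3 -i` for apps whose installer is not Google Play. The function names and sample package names are made up for illustration.

```shell
#!/bin/sh
# Added example: list user-installed apps that did not come from Google Play.
# Live use (USB debugging enabled):
#   adb shell pm list packages -3 -i | find_sideloaded

# Installers treated as trusted. com.android.vending is Google Play;
# add another store's package name here only if you trust it.
TRUSTED_INSTALLERS="com.android.vending"

# Reads `pm list packages -3 -i` output on stdin and prints
# "package<TAB>installer" for every app not installed by a trusted installer.
# Side-loaded apps typically report "null" or the system package installer.
find_sideloaded() {
    tr -d '\r' | while read -r pkg_field inst_field rest; do
        case "$pkg_field" in
            package:*) pkg=${pkg_field#package:} ;;
            *) continue ;;                     # skip anything unexpected
        esac
        installer=${inst_field#installer=}
        if [ -z "$installer" ]; then installer="null"; fi
        trusted=no
        for t in $TRUSTED_INSTALLERS; do
            if [ "$installer" = "$t" ]; then trusted=yes; fi
        done
        if [ "$trusted" = no ]; then
            printf '%s\t%s\n' "$pkg" "$installer"
        fi
    done
}

# Constructed sample listing (not captured from a real device).
sample_listing() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.freegame  installer=null
package:com.example.cleaner  installer=com.google.android.packageinstaller
package:com.example.maps  installer=com.android.vending
EOF
}

sample_listing | find_sideloaded
```

Any app the script lists that you do not remember installing yourself deserves a closer look.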
xHelper is a sign of things to come. We expect to see many more examples of similar malware being released in the near future – and next time the outcomes may be a lot worse. But by following the suggestions here, you can protect yourself against xHelper and the next generation of mobile malware.
I think the infection gets to the system file. The system files are always preserved, that’s why a phone can boot after factory reset.
By checking the system files, comparing the infected and uninfected, one could detect the malware base.
Yes, it probably won’t survive a full reinstall of the OS from USB – but that is rather more ‘hands on’ than 99.999% of users will want to go – best not to get it really.