An Android theft malware disguised as a cleanup application “xHelper” has spread to tens of thousands of smartphones with Google operating systems. Although the application has been around for about a year, security experts are now issuing a new warning. This is because it has proven to be very difficult to locate the malware and it is very costly to remove it from affected devices. Once installed, it can no longer be found in the general app overview and is only visible via the list of installed apps in the system menu. Even after a factory reset, the app is reinstalled, and the user data is retrieved.

What does the Android Trojan “xHelper” do?

Not everyone follows the iron rule of only downloading applications from official app stores. This is how “xHelper” has been able to spread. It is installed from unofficial sources on smartphones and is currently found on tens of thousands of devices equipped with older software versions such as Android 6 and Android 7. When the infected app is downloaded, the data from the device is first transferred to a server, after which further malware – e.g. for spying – is downloaded.

How to remove the Android malware

With Panda Adaptive Defense 360, you are safe. Provided your device is on an adequately secured corporate network, our IT security solution will identify the malware and prevent it from being installed.

If you are not using Panda Adaptive Defense 360, follow these steps:

  • If you don’t already have one, install a data manager and use an Android virus scanner, such as our free Android virus protection and scanner.
  • Disable the Google Play Store in System Preferences
  • Remove “xHelper” using our virus scanner
  • Use the File Manager to search for and delete files starting with “com.mufc”.
  • If the Google Play Store is now reactivated, the malware will not reinstall itself.