Posted on October 30, 2019 at 11:46 PM
Earlier this year, a problematic android trojan came to the fore and the reason it became popular owes to the fact that it comes with a self-install mechanism that makes it very difficult to uninstall.
According to Symantec and Malwarebytes, the trojan was discovered in March 2019, but as of August, it had already compromised more than thirty-two thousand user devices and totaling about forty-five thousand devices in October.
From the foregoing, it is obvious that the trojan is steadily on the rise. According to Symantec, the xHelper infects an average of one hundred and thirty-one devices each day, with a further two thousand four hundred new cases recorded each month. Statistically, the bulk of the attacks occur in countries like Russia, the USA, and India.
Third Party Installations Via App
Upon close observation, Malwarebytes insinuated that websites that redirect users to sites that host unofficial android applications remain the primary source of the infections. These websites prompt users to obtain applications from third party sources. Meanwhile, the applications contain secret codes that house the malware.
One of the positive aspects of the situation is the fact that the malware doesn’t engage in destructive operations. Symantec and Malwarebytes recently confirmed that throughout its existence, the malware has only displayed intrusive notification spam and pop up ads. These notifications and ads send victims straight to Play Store and are prompted to download applications – an action that helps the xHelper developers generate income through referrals.
Unlike other popular trojans, the xHelper operates differently because once it secures its way into a device; it detaches itself and operates independently.
The removal of the initial application does not affect the xHelper, meaning it will continue to operate on users’ devices, showing pop-ups and notification spam.
Extremely Difficult To Uninstall
The major issue with the xHelper remains the fact that it constantly reinstalls itself. Some users that spotted the malware in their devices went as far as performing a factory reset but it reinstalled itself each time.
Experts are still confused as to how it finds its way back each time. Symantec and Malwarebytes have both confirmed that the malware does not reconfigure the operating system of devices. Furthermore, Symantec went on to state that the likelihood of the trojan being installed at the factory level remains highly improbable.
To confirm how bizarre the situation is, some users confirmed that even after they deleted the malware and turned off auto-installation, it turned on automatically, resulting in the xHelper being reinstalled within seconds.
As the situation persists, some frustrated victims have gone online to complain about the difficulty involved in dealing with this problematic malware. Finally, both Malwarebytes and Symantec have sounded out warnings regarding some of the hidden features of the xHelper. They are of the view that though the xHelper is only engaged in ad revenue and spam at the moment. Other dangerous features could be used to deploy subsequent malware such as banking Trojans, ransomware, password stealers or DDoS bots.