Watch Out For This Particularly Nasty Malware That Reinstalls Itself Even After A Factory Reset
There's currently a scary bit of malware floating around out there. It's not particularly dangerous, and it's not really that widespread either. However, it's giving cybersecurity experts sleepless nights because it seems to be as resilient as a cockroach.
It's almost impossible to remove.
Called xHelper, the Android malware has so far affected only about 75,000 people out of a potential 2 billion victims around the world. Additionally, it doesn't take over your phone or scrape all your data. All it does is spam your notifications and change your browser's homepage. So why is a non-epidemic, seemingly harmless piece of malware generating such hype?
Well, that's because it keeps reinstalling itself once removed, even after a full factory reset.
xHelper wasn't in any apps on the Google Play store. Rather, researchers say they found it in a web redirect link to an app on a third-party store. These pages typically instruct users how to side-load unofficial Android apps on their phones. Hidden in one of these apps was the xHelper Trojan.
It's still unclear how xHelper keeps resurrecting itself, but there are some theories. All instances of the malware have so far been only on Chinese-made phones, leading some to believe it's infected the code of those vendors. Another theory is that Chrome might be behind the continuous revival.
Another idea, the most likely of the bunch, indicates the app uses Google's app data backup service to push a copy of itself to the infected user's cloud. Either way, it's been bypassing Google Play Protect and other security mechanisms the entire time.
By itself, xHelper is at most a nuisance. However, experts worry about how traditional malware will evolve when paired with this sort of resilience. In any case, it's as good a reason as any to stick to the official apps on the official store.