“The main source of infections are redirects and suspicious sites that forward users to pages with Android applications. Such sites instruct the user in detail how to download applications not from Google Play, and the code hidden in the applications ultimately leads to the loading of xHelper”, – say researchers.
xHelper is currently displaying intrusive pop-up ads and spam alerts to its victims. Typically, such ads and notifications lead users to the Play Store, where they are invited to install other applications. XHelper operators earn commissions that they receive for each such installation. Neverthelss, the malware has other, much more dangerous functions.
Both companies write that xHelper can download and install other applications. And malware operators can use this feature to deploy second-level threats, including ransomware, bank trojans, and so on.
“However, the most interesting feature of xHelper is that it does not work like most Android malware When the trojan gains access to the device through the initial application, xHelper installs itself as a separate standalone service. Finally, removing the original application does not remove xHelper, and the malware will continue to display ad windows and notifications”, — warn the researchers.
Worse, even if the victim finds the xHelper service in the OS settings, deleting it will not help the case, as the trojan is reinstalled every time, even if the user resets the device to the factory settings.
In some cases, users complained that even uninstalling the xHelper service and disabling the ability to install applications from unknown sources did not help: the device appeared to be re-infected literally a few minutes after cleaning, and the option “install apps from unknown sources” turned out to be active again. Such discussions can be found on Reddit, among the topics on the Google Play Help.
Read also: Casbaneiro banking Trojan used YouTube to steal cryptocurrency
At the same time, experts from Malwarebytes and Symantec were not able to understand how xHelper “survives” after this. There was no Trojan interference in the operation of system applications and services, and Symantec believes that xHelper is unlikely to be preinstalled on devices out of the box, although the malware actually appears more often on devices of specific brands. Despite these facts, many users believe that this is the case and urge others not to buy cheap Chinese phones.
About News-bpudepi.today News-bpudepi.today pop-ups can not launch out of the blue. If you have actually…
About Doguhtam.xyz Doguhtam.xyz pop-ups can not expose out of nowhere. If you have clicked some…
About News-xlixoti.com News-xlixoti.com pop-ups can not introduce out of nowhere. If you have actually clicked…
About Ducesousightion.com Ducesousightion.com pop-ups can not introduce out of the blue. If you have actually…
About News-xlabica.live News-xlabica.live pop-ups can not launch out of the blue. If you have actually…
About Mergechain.co.in Mergechain.co.in pop-ups can not expose out of the blue. If you have clicked…