Over 45,000 Android Devices Infected By Unremovable Malware

Android users who are fans of sideloading apps have a new malware to worry about. xHelper, first spotted in March is a new kind of malware that is capable of reinstalling itself even after being manually removed and has reportedly infected over 45,000 android devices.

The Trojan which has affected users in India, the US, Russia has since shot up to the top 10 list of most detected mobile malware, with cybersecurity firm Symantec and Malwarebytes observing what they call “a surge in detections” of the malicious Android malware that can hide itself from users, download additional malicious apps, and display advertisements.

“In the past month alone, there was an average of 131 devices infected each day, and an average of 2,400 devices persistently infected throughout the month,” Symantec has said

Uninstalling the app, soft and hard factory resets also do not work. In some cases, users said that even when they removed the xHelper service and then disabled the “Install apps from unknown sources” option, the setting kept turning itself back on, and the device was reinfected in a matter of minutes after being cleaned.

The apps primary source is not known but cybersecurity firm Symantec believe the infection is possibly downloaded by users from unknown sources. MalwareBytes researchers, on the other hand, believe it’s being spread via shady game websites that tricks unsuspecting users into downloading apps from untrusted third-party sources.

xHelper takes its stealth behavior to new heights by not creating an app icon or a shortcut icon on the home screen launcher. The only indicator is a listing in the app info section of the infected phone’s settings.

The good news is that the trojan doesn’t carry out destructive operations. According to both Malwarebytes and Symantec, for most of its operational lifespan, the trojan has only shown intrusive popup ads and notification spam.