Phones might generally be considered safer where viruses and malware are concerned, but this is definitely not the case anymore. Numerous malware and trojan apps are designed specifically to target Android smartphones. One such Android malware, called Xhelper, is now reported to have infected 45,000 devices. As per a new Symantec report, the malicious, persistent Android dropper app was first spotted in March 2019. Its code was relatively simple at the time, with the main function being to visit advertisement pages for monetisation purposes, but it has changed over time. The app now hides its icon, displays ads, downloads other infected packages, and more. What’s even more concerning is that the malware can auto-reinstall, even if it is removed or if the infected device is reset.
The report mentions that around 45,000 devices have been infected by the Xhelper malware so far and that, in the past month, about 131 devices were infected every day. On average, 2,400 devices are being infected by it in a month. The malware samples analysed by Symantec were not available on the Google Play Store, and the app might have been downloaded by users from unknown sources. Additionally, the developers of this malware might be targeting specific smartphone brands, since it was found more frequently on certain handset brands. Since the malware keeps installing itself even when the device is reset, researchers at Symantec suspect that another system app on such phones might be the culprit. Considering how most phone manufacturers load bloatware on their offerings, we won’t be surprised if this turns out to be true.
As for keeping your device safe from the Xhelper malware, Symantec suggests updating your device’s software. The golden rule of not installing apps from unofficial sources also applies, since trusted sources like the Google Play Store are less likely to host malware-laden apps. One should also be wary of the permissions an app requests, and regularly disable the permissions it doesn’t need to work. These are precautions; Symantec mentions no method for getting rid of the Xhelper malware.