comscore xHelper malware: Everything you need to know | BGR India
News

The xHelper malware explained: Why it is so dangerous and how to get rid of it?

The xHelper malware started affecting a lot of devices back in 2019 and still continues to exist on many. With a malicious program that can survive a reset, check out what you can do to take it out.

  • Published: April 10, 2020 2:41 PM IST
Hacker

Somewhere near the mid-point of 2019, we started seeing mass attacks by the xHelper Trojan on Android smartphones. The malware remains as active as ever even today. Its main feature is invading your device and staying hidden. Once it gets into your phone, it somehow stays there even after the user deletes the malware and restores factory settings. Also Read - Coronavirus: Fake malware-laced apps and why they are so dangerous?

A recently conducted survey tried to determine how xHelper’s creators furnished the device with such survivability. The malware’s working is reportedly based on the currently active sample Trojan-Dropper.AndroidOS.Helper.h. Disguising itself as a popular cleaning and speed up the app, the app simply disappears on installation and is nowhere to be seen. Also Read - Coronavirus: Hackers are using the pandemic to spread malware online: Report

Watch: Realme 6 Pro Camera Review

Once at this stage, you will not even be able to find the app on the main screen or the system settings. Its main function is to remain hidden and send the phone’s information to another URL. This information includes stuff like your phone’s manufacturer, model, firmware version and more. Also Read - This malware affects 4,700 Windows-based computers every day

In the next stage, the second dropper, Trojan-Dropper.AndroidOS.Helper.b, is launched. This consequentially runs another malware by the name Trojan-Downloader.AndroidOS.Leech.p which will again, infect your device. The new malware is tasked with downloading yet another old HEUR:Trojan.AndroidOS.Triada.dd along with obtaining root access on the victim’s device. Once this is attained, xHelper can install new malicious files directly in the system partition. This can cause a lot more damage.

How to get rid of it?

There are very complicated methods to achieve this. However, the simplest and most reliable method is to completely reflash the phone. Reflashing is different from your average reset. It involves clearing partitions that otherwise remain untouched.

But users should keep in mind that the firmware of smartphones attacked by xHelper sometimes already has malware. This may allow the independent flowing of downloads and installs on your phone. In this case, a reflash is pretty much useless since the same procedure could start again. The only way out is to consider alternative firmware for your device. If you do use a different firmware though, you risk losing function on some of the smartphone’s components.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: April 10, 2020 2:41 PM IST