An Android malware called xHelper, which poses as a cleaning app, has reached tens of thousands of smartphones running Google's operating system. Although the application has been around for a year, cybersecurity experts have now warned about it again, because it is very difficult to locate and almost impossible to erase from affected devices. Once installed, xHelper no longer appears in the applications overview; it can only be seen in the list of installed applications in the system menu. It persists even after a factory reset, which is already pretty impressive.

The scariest thing about this threat is its persistence. As noted above, xHelper keeps reappearing even after users have manually uninstalled it, and even a hard factory reset cannot prevent it from showing up again. xHelper does not provide a normal user interface. The malware is an application component, which means that it does not appear in the device's application launcher. This makes it easier for the malware to perform its malicious activities covertly.

Once this threat is installed on the victim's device, it begins its malicious activity by decrypting, in memory, the malicious payload included in its package. The payload connects to the attacker's command and control (C&C) server and waits for commands. To prevent this communication from being intercepted, SSL certificate pinning is used for all communication between the victim's device and the C&C server.

The good news is that this threat can be eliminated with the following steps:

▸Get a data manager or an Android virus scanner; it is important that you download one.

▸Disable the Google Play Store in System Preferences.

▸Remove “xHelper” with the virus scanner.

▸Use a File Manager to find and delete files that start with “com.mufc.”

▸Finally, with the device now clean, the malware will not be reinstalled if the Google Play Store is activated again.
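
The file-manager step can also be done from a shell against a mounted or copied storage tree. The script below is an added example, not part of the original article: it lists, counts and optionally deletes entries whose name starts with the quoted prefix. The function names, the `scan`/`delete`/`demo` modes and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
PREFIX='com.mufc.'   # prefix exactly as quoted in the removal step

# Print every file or directory under ROOT ($1) whose name starts with PREFIX.
# -prune stops find from descending into a matching directory, so each
# leftover is reported once rather than once per child.
find_leftovers() {
    find "$1" -name "${PREFIX}*" -prune -print 2>/dev/null
}

# Count hits by emitting one byte per match, so a newline inside a file
# name cannot inflate the count.
count_leftovers() {
    find "$1" -name "${PREFIX}*" -prune -exec printf x \; 2>/dev/null |
        wc -c | tr -d ' '
}

# Delete every hit. Run find_leftovers first and review its output.
remove_leftovers() {
    find "$1" -name "${PREFIX}*" -prune -exec rm -rf -- {} + 2>/dev/null
}

# Build a constructed sample tree (not real device data) for a dry run.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Android/data/com.mufc.constructed" "$d/Download" "$d/DCIM"
    : > "$d/Android/data/com.mufc.constructed/cache.bin"
    : > "$d/Download/com.mufc.sample"
    : > "$d/Download/notes-com.mufc.txt"   # prefix not at the start: kept
    : > "$d/DCIM/photo.jpg"
    printf '%s\n' "$d"
}

# Usage: script scan ROOT | delete ROOT | demo
case "${1:-}" in
    scan)   find_leftovers "${2:?storage root required}" ;;
    delete) remove_leftovers "${2:?storage root required}" ;;
    demo)   t=$(make_demo_tree) && find_leftovers "$t" && rm -rf "$t" ;;
esac
```

Run `scan` and review the listed paths before running `delete`; only names that begin with the prefix are matched, so a file that merely contains it elsewhere in its name is left alone.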
