New Android Malware xHelper Persists Through Resets

A new strain of Android malware called xHelper is making the rounds. What makes it notable is how persistent it is, with some going so far as to say it’s unremovable! But what does xHelper do, and is it truly impenetrable?

What Is xHelper?

xHelper is a new strain of adware that’s infecting Android devices. So far, the infection numbers are relatively low by malware standards. 45,000 units have been infected in total, and it has mostly hit users in the United States, Russia, and India.

xHelper isn’t too dangerous, but it is very annoying. It’s a strain of adware that constantly pops up advertisements on the victim’s phone. It doesn’t extract data or lock down the phone in any way, but the ads do give the distributor money if clicked.

Right now, nobody really knows how the infection starts. Symantec, one of the largest security corporations in the world, believes it’s installed via third-party apps downloaded from outside of Google Play.

Why Is xHelper “Unremovable?”

The problem starts when victims try to remove the malware. Uninstalling the app doesn’t help: it simply comes back. Even if the user uninstalls it and then tells Android to disallow app installations from third-party sources, the app manages to install itself anyway.

The scariest part is when the user attempts a factory reset. xHelper persists through a wipe and returns once the phone reboots. Not even Symantec fully understands how it can survive through what is otherwise known as the “nuclear option.”

Users even report that paid antiviruses can’t fully get rid of xHelper. They can detect the infection, but removing it only causes it to return at a later date. The Internet has been buzzing with people trying to find a solution.

How xHelper Adapts

The main reason xHelper can get around antivirus software is its updates. The developers consistently update the malware to evade antivirus detection. As such, people running older versions of an antivirus will find it ineffective. Newer versions will have a better chance of stopping xHelper until the malware is patched to get around them.

Keeping Clear of xHelper

xHelper’s forte is how persistent it is. As such, your main defense – just like any other piece of malware – is not allowing it on your system in the first place. Unfortunately, its annoying habit of living past deletions means you can’t take risks and hope the antivirus will take care of it.

For the time being, only download apps from the Google App store. Even then, only download apps that have been around for a long time and that already have many downloads. The Google App store has been less than trustworthy about keeping malware off the store, and the adaptive nature of xHelper means that it can be engineered until it gets past Google’s shields.

Some users have reported success by flashing a ROM instead of performing a factory reset. This does a clean sweep of the phone’s operating system, which may be the key to scrubbing out xHelper for good.

Not Very Helpful

xHelper’s adware-based attacks aren’t anything to write home about, but its persistence baffles even the most advanced antivirus developers. It’s a pain to get rid of, so avoid infection at all costs.

Does this new strain of malware scare you? Let us know below.

3 comments

  1. Thanks For This Information…

  2. How about a list of the known apps that are carriers of this malware?

  3. Root your phone and use Lucky Patcher to change it from a system app to a user app before uninstalling, or even rewrite the xHelper APK with Lucky Patcher, remove its permissions and its system app status, then uninstall or factory reset if necessary. This isn’t even slightly hard to get rid of, granted you have the ability to root your device. Some manufacturers are B’s and there’s no bl or way to get root at all, which I think shouldn’t be legal considering how much you pay for some of them. You own it, so should be allowed to root, flash, stomp on, bury with mud, throw into a volcano or anything else you want, but that’s a whole other rant. Point is, it’s hardly baffling or anything but slightly annoying and impossible to remove without either reflashing stock ROM or root.
