Researchers Reveal Secret Behind 'Unkillable' Android Malware 'xHelper' - yorkwoor1936

Kaspersky researchers earlier this year detailed a unique Android malware that cannot exist removed symmetric after a factory reset. Titled xHelper, the trojan baffled cyber-security researchers with its persistence and how IT stern survive almost whol attempts to remove it from the device. While the researchers published a detailed report connected the malware's MO in Feb, they were still diffident about the secrets behind its persistence. That, however, has changed now, with a different researcher being able to finally unlock its mysteries.

According to Kaspersky researcher, Igor Golovin, the latest strand of the malware, Trojan-Dropper.AndroidOS.Helper.h, disguises itself arsenic a popular cleansing agent app for smartphones, but after installation, it just disappears and is nowhere to be seen either happening the main screen or in the platform menu. It can simply be launch in the list of installed apps in the system settings.

Once installed, the malware collects and sends personally-identifiable inside information some the victim's phone, including Mechanical man ID, manufacturer, model, firmware interlingual rendition, etc.) to a third base-party website, and and then proceeds to download the succeeding malicious module. It keeps downloading one Trojan module after another, including the notorious Triada, which gains stem privileges on the infected device and enables the malware to install a serial of vindictive files directly into the system partition.

The malware for the most part affects devices jetting Mechanical man 6 Marshmallow and Android 7 Nougat, although it's non as widespread as earlier believed. Either way, Golovin says that once a gimmick is infected with xHelper, the easiest and most reliable way to get rid of it is to entirely reflash the phone, preferably with a different firmware, if in stock. You can read all the technical details about xHelper on the Kaspersky's official security blog.