Home Live TV Defence SportFit India News World Latest News Republic Business Education Entertainment Lifestyle Health Election News Videos Tech Opinion Web Stories Initiatives Viral Science News Lifestyle Travel Paralympics Good News

Published 16:03 IST, October 30th 2019

Xhelper malware infects 45,000 devices over the past 6 months

Dubbed Xhelper, this 'persistent' malware app has reportedly infected more than 45,000 devices and if you are not careful enough, you could be its next target.

Reported by: Tanmay Patange
Follow: Google News Icon
  • share
null | Image: self
Advertisement

A new dangerous malware app is at large for Android users. Dubbed Xhelper, this 'persistent' malware app has reportedly infected more than 45,000 devices and if you are t careful eugh, you could be its next target. This malware app is a troublemaker for a few reasons: First up, it won't completely go away because every time you uninstall it, it somehow finds its way back into your phone. And , performing a factory reset on your phone is t going to help you eir. Secondly, this app won't even show up in your phone's system launcher, let alone worry about being unable to uninstall it. If that wasn't eugh, it causes more dam by inviting or threats and displays unwanted s. Over past six months, many users have complained about se problems online, primarily about random pop-up s and how app just won't leave m alone.

Xhelper malware on rise

RE | Malware attacks on IoT-enabled devices are on rise: Kaspersky

Advertisement

You would be wrong if you expect Xhelper to provide a regular user interface (UI) like or applications. As researchers explain, it won't show up in your phone's application launcher because it is an application component, which allows it to stay low and carry malicious activities undercover. It cant be triggered manually eir. It is programmed such a way that it can only be triggered when you reboot your device, power is connected/disconnected, some app is installed/uninstalled, etc. Once launched, Xhelper can register itself as a foreground service, furr reducing chances of being killed when memory is low. If it is stopped somehow, it is also capable of restarting its service. Once activated, it executes core malicious functionality by decrypting malicious paylo to memory which n connects to attacker’s command and control server and awaits command.

"ne of samples we analyzed were available on Google Play Store, and while it is possible that Xhelper malware is downloed by users from unkwn sources, we believe that may t be only channel of distribution," Symantec said.

Advertisement

45,000 devices infected

-- Researchers say at least 45,000 devices have been impacted by Xhelper malware.

-- In September alone, re was an aver of 131 devices infected each day.

Advertisement

-- Last month, an aver of 2,400 devices persistently infected.

-- Xhelper malware mostly affects users in India, U.S. and Russia.

Advertisement

15:23 IST, October 30th 2019