'Unkillable' Xhelper Malware Is More Insidious Than Reported

Previous reports about "unkillable" malware dubbed xHelper may have been understated, according to a recently reported outline of the malware from Kaspersky. The update on the malicious Android software offers more insight into how the Trojan malware works. Namely, Kaspersky describes it as being akin to a matryoshka doll.
The implications of the discovery are far-reaching. To begin with, the nested nature of the xHelper trojan means that it can more readily disguise itself. Users have found the malware, for instance, disguised as popular cleaner and phone speed-up apps. But it also contains further executables buried just out of reach for scanners.
In effect, that means it can not only install and run secondary trojans, but also run those trojans out of sight of protective software, even if that software would otherwise be able to detect the malware. That means that it can run previously-discovered malware without detection.
xHelper malware was already looking bad before this
Now, as indicated above, the xHelper trojan is nothing new. It was actually widely reported in October of last year. That’s because it was already known to be uniquely malicious, despite only infecting around 45,000 devices at the time.
To begin with, the first action taken by xHelper is to download and install a 'dropper' trojan. That malware first collects and then sends device data out to a malicious entity. That’s before installing a second trojan that can effectively give bad actors remote access to the handset. The malicious activity isn’t just incredibly difficult to spot, however.
Since the trojan installs secondary programs with ease and has root access, it can effectively accomplish any malicious action its creators want. That means it can install malicious clickers, steal personal information, and a whole lot more. But, perhaps worst of all, xHelper is effectively "unkillable."
With its root access and other hijacked permissions, xHelper goes beyond burying itself out of sight and out of mind. It also installs itself in the system-level partition. So, even after resetting a smartphone to its factory settings, xHelper is able to start itself up and start wreaking havoc all over again. Its process doesn’t just restart, it effectively reinstalls itself on the phone even after being completely wiped by the usual means.
Prevention is still the only way around xHelper
As reported with the initial discovery of xHelper, there still appears to be no viable way to remove the malware. Instead, users essentially need to buy a new smartphone and start over, or flash the stock firmware via a lengthy, tedious process. They’ll also need to take a closer look at apps they download on the new or freshly reinstalled device to ensure they don’t download any shady-looking apps.
Kaspersky notes that the best way to avoid reinstalling a malicious app is to stick to the default app markets. In the case of Android, that means only downloading or running apps from the Google Play Store. Installing from secondary sources always comes with a risk and xHelper doesn’t appear to have been found on the official app market yet.
The post 'Unkillable' Xhelper Malware Is More Insidious Than Reported appeared first on Android Headlines.
