xHelper – the Trojan that’s nearly impossible to remove – continues to infect thousands of devices. How can you stay safe?

  • By: Adel Farig

     


     

    Last year, a particularly persistent piece of malware was discovered attacking Android-based devices: the now infamous xHelper Trojan, which is nearly impossible to remove from a device. As of March 2020, xHelper has infected over 55,000 phones around the world, and the attacks continue.

    After xHelper is installed, it downloads a series of other malicious files, including one known as Triada, which provides root access on the device. This is what makes xHelper particularly difficult to remove: the malware module installed in the system folder simply reinstalls the deleted applications. In addition, all the files copied to the phone’s folders by the malware are designated “immutable”, meaning not even superusers can delete them.

    “xHelper is particularly dangerous because it creates a backdoor that the attackers can use to execute commands as if they’re a superuser, as well as gain access to all app data. A similar backdoor can then be used by other malware, like CookieThief, to attack the same device. Since xHelper is nearly impossible to remove, it’s important that Android users stay vigilant about what they’re downloading on their phone and always use a strong mobile security software. The good news—if you are downloading apps from official stores, chances of encountering this malware are very, very low,” says Igor Golovin, malware analyst.

    Kaspersky solutions successfully block the threat.

    To protect yourself from xHelper and other Android malware, Kaspersky experts recommend:

    · Only download applications from trusted sources, like official marketplaces

    · Install an antivirus solution on your phone, like Kaspersky Antivirus & Security for Android

     

     

    Read more about xHelper on Securelist.

     
