It’s no secret that Android devices are vulnerable to malware and other malicious programs. Generally, malware is removed when the device is restored to its factory settings with a factory reset. But that is not the case for one particular piece of malware: xHelper, which was first discovered around last March.
It spreads quite aggressively. As of this month, 45,000 mobile phones have been infected. According to Symantec, this malware can attack 131 handsets every day.
xHelper displays pop-up advertisements on the victim’s device to bring in money for its maker. The malware also directs victims’ phones to the Google Play Store, then tries to persuade them to install premium website services. The goal is to earn commission for the actor behind xHelper.
One unusual thing about xHelper is that it does not disappear even if the victim wipes the device’s memory with a factory reset. In fact, victims reported that xHelper was able to install itself again even after it had been manually uninstalled and “install apps from unknown sources” had been turned off, which should have blocked the installation of malware.
Symantec and another security company, Malwarebytes, said that xHelper does not tamper with the Android OS or system apps. Both were puzzled by malware that seemed immune to a factory reset. According to ZDNet, so far no antivirus company has been able to break xHelper’s “self-reinstall” mechanism.
How the malware achieves this is still a mystery. Some victims who posted on online forums such as Reddit claim to have gotten rid of xHelper with paid antivirus services. But the results are not consistent, because other victims claim they were re-infected while using the same antivirus.
Symantec said xHelper’s creators continually update their malware to avoid antivirus detection. That is why an antivirus can catch xHelper at one point but fail when facing a new version of the malware. Symantec and Malwarebytes also warn that xHelper poses another potential danger beyond advertising.
This malware can download additional applications, so it has the potential to become a “gateway” for other malicious programs such as ransomware. Meanwhile, antivirus makers are still looking for a way to defeat xHelper.
The best way for Android users to protect themselves from this persistent malware may be to avoid getting infected in the first place. xHelper usually hides in the code of applications on non-Google sites that host Android applications and provide instructions for installing applications from sources other than the Google Play Store (sideloading).
Once an application from such a site is installed, xHelper is installed along with it. Therefore, you should avoid sideloading applications from sites or sources of doubtful trustworthiness.