Malicious software is one of the biggest dangers to our smartphones, which hold a great deal of personal information. The worst kind is software, like xHelper, that cannot be removed even by restoring the device to factory settings.
In October of last year, we talked about malware called xHelper. The malware, detected in March 2019, first appeared in the Google Play Store. The number of devices affected by xHelper has increased from 45 thousand to 50 thousand since October.
Malware that cannot be deleted: xHelper
The Kaspersky team analyzed xHelper, which spreads through apps, identified as “Trojan-Dropper.AndroidOS.Helper.h”, that claim to clean your device or improve its performance. Once you download, install and run such an app on your device, it downloads another piece of malware called “Trojan-Downloader.AndroidOS.Leech.p”.
The chain does not stop there. Leech.p then downloads “HEUR:Trojan.AndroidOS.Triada.dd”, which enables root access to the device. According to Kaspersky, this root access can be obtained on cheap Chinese phones running Android 6 or Android 7. With root access, the software downloads more malware to the system. It then makes itself untouchable and cannot be deleted, which makes it harder for antivirus programs to deal with the problem.
“The Triada has pretty good tricks to reload system partitions to load its programs,” says Igor Golovin of Kaspersky, adding that the software gets stronger thanks to root access. This is why xHelper is described as ‘indestructible’. Even if some files are deleted, it can re-download the necessary components from the C&C server and keep its privileges. The device cannot be rid of this software even if it is restored to factory settings.
What turns all this into a deadlock is that many cheap Android devices come with this malware installed on their hardware. In this way, it can download xHelper and other harmful trojans. Golovin says that returning to factory settings does not make much sense at this point. He says that using alternative firmware is the only way to completely recover an infected device, and that this does not work very well on some devices.
As a result, the only thing you can do is be more careful about the software you install on your device. Although malware problems do occur in the Play Store, applications downloaded from third-party app stores or unknown sources increase the risk even more.