Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of a few antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it nearly impossible to remove.
The malware, named xHelper, was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month.
The malware is on a clear trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month. Most of these infections have been spotted in India, the US, and Russia.
According to Malwarebytes, the source of these infections is “web redirects” that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. The code hidden in these apps downloads the xHelper trojan.
The good news is that the trojan does not carry out destructive operations. According to both Malwarebytes and Symantec, for most of its operational lifespan, the trojan has shown intrusive popup ads and notification spam. The ads and notifications redirect users to the Play Store, where victims are asked to install other apps, a means through which the xHelper gang is making money from pay-per-install commissions.
However, the thing that is most “interesting” is that xHelper doesn’t work like most other Android malware. Once the trojan gains access to an Android device via an initial app, xHelper installs itself as a separate self-standing service.
Uninstalling the original app won’t remove xHelper, and the trojan will continue to live on users’ devices, continuing to show popups and notification spam.