A new piece of malware dubbed Xhelper has infected more than 45,000 Android devices in just the last six months and is continuing to spread.
The campaign began months ago, a new piece of malware dubbed Xhelper has infected more than 45,000 Android devices in just six months and is continuing to spread at a fast space.
Malware researchers at Symantec estimated that the
“Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements.” reads the analysis published by Symantec. “The app, called Xhelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app has infected over 45,000 devices in the past six months.”
The experts observed several users posting about Xhelper on online forums, as a result of the infection, the users are complaining
Android users reported that despite they have rebooted their devices and also wiped them, the
Upon execution, the malware will register itself as a foreground service, once it has gained a foothold on the device, it will execute its core malicious
“Upon successful connection to the C&C server, additional payloads such as droppers,
Security experts suspect the malicious code is included in a system app
Researchers pointed out that the sample they have analyzed were not available on the Google Play Store
“From our telemetry, we have seen these apps installed more frequently on certain phone brands, which leads us to believe that the attackers may be focusing on specific brands.” continues the analysis.
Of course, we cannot exclude that the
Symantec believes that the malware’s source code is still a work in progress due to the presence in the source code of classes and constant variables that have yet to be implemented.
Researchers advise users to take the following precautions:
- Keep your software up to date.
- Do not download apps from unfamiliar sites.
- Only install apps from trusted sources.
- Pay close attention to the permissions requested by apps.
- Install a suitable mobile security app, such as Norton or Symantec Endpoint Protection Mobile, to protect your device and data.
- Make frequent backups of important data.
The post Xhelper, a new piece of Android malware that is infecting 2K+ devices each month appeared first on Security Affairs.