Beware this sneaky Android malware that reinstalls itself after a factory reset
Security experts have identified a particularly stubborn strain of Android malware that somehow manages to reinstall it on a victim’s device, even after they’ve performed a full factory reset.
The malware, known as xHelper, was first discovered and documented by researchers from security company Malwarebytes in May 2019. It was identified as a trojan dropper, which installs malicious APKs on your phone without your knowledge or permission.
If you start to see new app and notification icons that you don’t recognize, there’s a chance that your phone has been infected with this type of malware, though it’s not always obvious; malware is often disguised as legitimate system applications, and the icons can be hidden away.
Déjà vu
As Ars Technica explains, Malwarebytes has now published an account from a victim who went to huge lengths to purge her phone of two xHelper variants, including performing a full factory reset. Each time she managed to remove the malware, it reappeared on her device within an hour.
Malware is a serious problem for Android phones, which typically come with between 100 and 400 apps pre-installed. If just one of those apps is compromised, devices will be infected before they even find their way into customers’ hands.
The security researchers suspected this might be the issue with xHelper, particularly since the infected phone was from a lesser-known manufacturer, but even removing its pre-installed apps didn’t solve the problem.
Eventually, an exploration of the phone’s system files revealed an APK that installed an xHelper variant on the phone. Strangely, this seemed to be triggered by something in the Google Play Store app, though Google Play itself was unaffected.
The team managed to remove the malware, but it was unclear how the file came to be on the phone in the first place, or how it survived a factory reset.
Security experts have identified a particularly stubborn strain of Android malware that somehow manages to reinstall it on a victim’s device, even after they’ve performed a full factory reset. The malware, known as xHelper, was first discovered and documented by researchers from security company Malwarebytes in May 2019. It was…
Recent Posts
- Google’s making it easier for people with low vision to find objects using their phone
- Ransomware attacks hijack Windows Quick Assist feature
- LG’s $100,000 rollable OLED TV is canceled
- Strava is finally adding Dark Mode, AI analytics, family plans and more
- Strava will add AI, dark mode, and night heatmaps
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011