45,000 is the number of smartphones operating on Android that have fallen victim to a malware called “XHelper”. The peculiarity of this malicious program lies in the fact that, even when uninstalled, it can resurface on infected terminals.
XHelper’s infection was discovered by cybersecurity expert Symantec, who said over 45,000 Android devices were targeted during the last six months of the current year. If it is not terrible, compared to other malware that targets Google’s mobile OS, XHelper has the particularity to reinstall itself once it is deleted by users.
It turned out that even by performing a factory reset, XHelper can reinstall itself. Symantec reported that the infection is through downloads on third-party sites, inviting Android users to install applications whose source is unknown on their devices.
Once an infected terminal, XHelper begins to broadcast pop-up advertising notifications, encouraging users to download other fraudulent apps. Symantec experts say that this mode of operation would allow malware developers to generate “considerable” profits from its business.
XHelper would exploit several flaws in the system, which allow it to reinstall itself discreetly with each removal. Other Malwarebytes experts have indicated that the program does not create icons or related files, to detect its presence on the system, which complicates its traceability. The latter would therefore launch each time the device is turned on and restarted, without the users noticing it.
The developers of Symantec have still not managed to decode the operating mode of the malware which allows it to reappear with each deletion. In this sense, experts from Symantec and Malwarebytes invite Android users not to access questionable sites or install applications from unknown sources.