If you are an Android user then you have to be more careful while downloading any apps, as reports claimed that Android phones are most vulnerable to malware attacks. Recently researchers informed users about vulnerabilities, as well as malicious apps which they have downloaded from Google Play and now the experts found a new kind of malware which is capable of reinstalling itself and has already infected more than 45,000 Android devices over the last six months.
As per the security researchers, even after removing it manually, this malware, called "xHelper," the Trojan can reinstall itself in an Android device. As per the latest findings, by cybersecurity company Symantec that came after similar disclosure by Malwarebytes in May 2019, this Trojan malware affecting mostly users in India, US and Russia. It should be noted that xHelper can hide itself from users, download additional malicious apps and display continuous advertisements.
While Malwarebytes reported that "With xHelper being on our top 10 most detected list, there is a good chance Android users might come across it. Since we added the detection in mid-May 2019, it has been removed from nearly 33,000 mobile devices running Malwarebytes for Android," Symantec mentioned that in the last month "there was an average of 131 devices infected each day, and an average of 2,400 devices persistently infected throughout the month."
As per the researchers, the malicious app is being distributed via websites that encourage users to sideload apps onto their Android device. These apps then install the xHelper trojan and soon after that the app proceeds to spam the device with notifications, as well as pop-up ads. As per the experts from both cybersecurity firms, the app's dark activities are only limited to promote and encourage users to download other apps or play online games. The experts believe that it is likely the primary source of revenue for the threat actors behind the malicious app, as each click or install fills their bags with money.
"xHelper comes in two variants: full-stealth and semi-stealth. The semi-stealth version is a bit more intriguing, so we'll start with this one," said Malwarebytes explaining that in both situation the app doesn't create an app icon or shortcut icon to ensure users do not notice the app's presence on their Android device. So if a user can't notice the apps then he cannot uninstall it also.
Even though it is always recommended that to safeguard a device, users should keep the apps updated and stick to the Google Play Store for downloading apps, recent reports showed that Play Store also includes many malware-infected apps. Just a few days ago researchers found 42 malicious android apps, which were removed by Google that had been downloaded eight million times to Android phones and other devices.