Connect with us


xHelper Malware from Google Play Infected Silently Android Devices



xHelper Malware from Google Play Infected Silently Android Devices

A malware usually ends up uninstalling it through antivirus or by directly finding the files manually. In the worst case, you erase the entire PC or phone by restoring it from the factory to make sure everything has been deleted.

However, some malware seems to persist and install themselves again even when restoring the entire device. This is what is happening with the xHelper. It is Trojan on Android phones that security experts do not yet know how to get rid of it.

According to an investigation by Malwarebytes, a virus called xHelper was discovered already last year.

The malware does not die even when you factory reset the android device. It is a relatively small malware. According to analysts, it is positively detected in about 33,000 devices and mainly in the United States.

Its purpose is to serve as a Trojan to execute commands from outside on the device and thus install for example, unauthorized applications. The permissions that a malware obtains on the phone can be varied.

But despite how little it has spread (or that we know it has spread), it is certainly a malware to take into account for its ability to resist being eliminated. Basically, every time the user removes the malware, it appears again an hour later in the same file system directory. In fact, even after erasing the entire phone and restoring it from scratch, it is impossible to get rid of the Trojan.

The Toughest Smartphone Virus So Far

This is what researchers have described as the toughest malware they have seen on a mobile. They discovered that the source of the reinfections was a series of folders that, when you turned on, the mobile installed the xHelper APK.

These folders are removed and prevented from reinstalling xHelper, Right? No. To the surprise of the researchers, the folders were not deleted either manually or after resetting the entire Android phone.

Files Inside Xhelper Malware

According to Malwarebytes, researchers have not yet been able to know how exactly xHelper remains on the phone after deleting the entire system. At first, they believed that it implied to the phone that they were inside a microSD so that the phone would not delete the files.

xHelper remains on the phone after deleting the entire system

However, they discarded this idea since it also happened in phones without microSD. The only thing they know for sure at the moment is that somehow the malware persists inside the Google Play.

The temporary solution they have found is to deactivate the Google Play Store app from the system settings and then delete the xHelper folders manually from the file system. Most Android-based viruses accompany an app that has been installed by the user and thus enter the phone.

Unfortunately, Malwarebytes has found that somehow the xHelper Trojan is being installed from the Play Store itself.

xHelper Trojan is being installed from the Play Store

Indeed, android uses some permanent folders in the system that are not deleted when reinstalling the operating system. These folders contain files to execute the basic functions of the phone. In principle, no one should have access to these folders beyond Google and Android itself, but it seems that they can be manipulated.

Ben is a digital entrepreneur and founder of He is a technology passionate who loves sharing his ideas on smartphones and gadgets. He looks forward to imparting the spectrum of his insight and verdicts on the ‘Technology-driven world’ of today. He plans to take OntechEdge forward with the consistent support from you readers, friends and family! Ben Kemp is also author of the book "How To Tell a Story On Social Media in 2020". Direct email address: [email protected]