This Malware Is Irremovable And It Might Target Jio Phones Next

A new type of malware targeting Android has been detected. So far, there have been over 45,000 devices falling victim to it in the past six months. What is so dangerous about this malware is that it can reinstall itself after being removed manually.

Symantec, a cybersecurity firm, is behind this finding. The malware was first detected by MalwareBytes back in May.

Experts call the Trojan xHelper, and its victims are mostly in Russia, India, and the U.S. Ever since it was identified, it has made its way to the top 10 on the list of most detected malware.

According to Symantec, last month alone saw around 131 devices infected each day and a total of over 2,400 Android handsets a month. MalwareBytes also shared that the affected number stood at 33,000, meaning in the last two months, there has been a fast growth in the number of victims.

Mysterious Origins

We have not had any clue on the origin of xHelper, and experts still investigate to find out about where it came from. So far, Symantec’s best guess is the affected users have used an unknown source to download apps. And even after they have removed the malware manually or even do a factory reset, the app will keep being saved into the phone.

Researchers of MalwareBytes suspected that the Trojan makes its way to Android devices via a game website that tricks users into downloading apps from shady third-party sources.

xHelper can operate in silence in the background, and it will not show an icon or a shortcut icon on the home screen of the affected device. The only way you can find it is to open the settings app and see the section for app information.

Since there is no icon, the app cannot be launched manually. To fix this issue, it uses external triggers, such as the infected device being connected or disconnected from the power source, apps being installed or uninstalled, the device being rebooted. xHelper can also disguise itself as a foreground app to lessen the chance of being exposed.

From Adware To Potent Threat

On the bright side, the malware does not do anything too harmful to the device other than filling the handset with ads and free game notifications. This might frustrate users because ads will keep popping up in front of them, but they will not lose personal data or anything.

xHelper on its own does not do much to your phone, but it can be used to infect the device with additional malware that can do serious harm.

So if this theory becomes true, the situation can quickly escalate from an annoying ad-showing malware to a serious security threat. One of the worst scenarios is hackers can steal your logins to bank accounts or take over the phone.

According to Symantec, xHelper is expanding its capacities and constantly adapting to infect new devices. While inspecting its code, experts found several Jio-labelled variables, suggesting that the malware may target users of Jio phones in the future.

If this is true, the problem might become even more severe than it is now, since Jio is Indian second largest network with the number of subscribers is 300 million.

To protect your devices against the attack of the malware, remember to keep the software of your phone up-to-date. Another thing to do is to avoid downloading apps from untrusted sources.