Android WARNING: A ‘new era in mobile malware’ could have infected your phone
A. Adedayo Gbenga
Feb. 18, 2020
ANDROID users are being alerted to a fresh new threat which could leave their devices at risk from a "new era in mobile malware".
Android smartphone owners must be getting pretty used to the daily warnings about malware-filled apps and device-infecting adware. Threats continue to arrive thick and fast but the latest alert could be one the most concerning to date.
A new report from the team at Malwarebytes has uncovered a new attack which is able to reinfect a phone even after everything is deleted and a full factory reset has been performed.
The bug is so bad that mobile researcher, Nathan Collier, said: “This is by far the nastiest infection I have encountered.”
This shock Android Trojan is called xHelper and was actually discovered last year with it aimed at infecting Google-powered devices with malware.
However, it now seems this attack is far more serious than first thought with one Android user getting in touch with Malwarebytes to report the bug kept returning despite her performing full factory resets.
Speaking on a forum page the owner said: “I have a phone that is infected with the xhelper virus. This tenacious pain just keeps coming back.
“I’m fairly technically inclined so I’m comfortable with common prompt or anything else I may need to do to make this thing go away so the phone is actually usable!”
After digging into the settings and routing through endless folders on her phone, Malwarebytes discovered a hidden package that is able to re-install itself each time a device is reset.
Google lets slip Android 11 details months before release date
More concerning is the discovery that something within Google Play was actually triggering the re-infection.
Malwarebytes is keen to point out that Google Play is not actually infected with malware. However, something within it is somehow triggering the re-infection,
Furthermore, that something could also be using Google PLAY as a smokescreen, falsifying it as the source of malware installation when in reality, it was coming from someplace else.
“It’s important to realise that unlike apps, directories and files remain on the Android mobile device even after a factory reset. Therefore, until the directories and files are removed, the device will keep getting infected,” said Malwarebytes’ Nathan Collier.
If you are experiencing re-infections of xHelper, here’s how to remove it:
• Install a file manager from the Google Play Store that has the capability to search files and directories
• Disable the Google Play Store temporarily to stop re-infection
• Go to Settings > Apps > Google Play Store
• Press Disable button
• Run a scan in Malwarebytes for Android to remove xHelper and other malware
• Manually uninstalling can be difficult, but the names to look for in Apps info are fireway, xhelper, and Settings (only if two settings apps are displayed)
• Open the file manager and search for anything in storage starting with com.mufc
• If found, make a note of the last modified date
Speaking about the new threat Collier added: “This, however, marks a new era in mobile malware. The ability to re-infect using a hidden directory containing an APK that can evade detection is both scary and frustrating.
"We will continue analysing this malware behind the scenes. In the meantime, we hope this at least ends the chapter of this particular variant of xHelper.”
''My Parents Couldn't Afford To Subscribe For Sport Channels'' - IghaloChargeable WiFi Zones In Nairobi Where You Can Surf For Only Sh10Coronavirus: North-South divide ahead of key EU meetingReal Madrid Reduces Pressure On Barcelona After Losing To Real BetisMicrosoft Increasing Ads, Testing Ads in WordPad