Android Malware Xhelper Rises Again

The Google Play Store is home to countless useful apps, but not any product downloaded from it turns out to be beneficial for your device. Google’s app store improved the lives of people very much, with apps like Google Maps, Facebook, Facebook Messenger, Instagram, Booking.com, WhatsApp, Gmail, YouTube, Dropbox, Outlook, and many others. Also, gaming is part of almost anybody’s life these days, and the giant tech company from Mountain View didn’t neglect that area as well. The store offers dozens of Android games to choose from, grouped by categories – action, sports, strategy, racing, etc.

Even so, it’s better to avoid some of the apps from the store, and one of them is Xhelper, a new malware on the rise.  When it infests apps, they are being traced to unofficial sources outside Google Play Store.

First report of the evil schemes of the app was in March

The cyber security company Symantec had to reckon back in March with the malware dubbed as Xhelper. The advertisement gimmick of the app didn’t show great reasons to worry, but we can be sure that Xhelper is on the rise now since it affected around 45,000 devices.

Xhelper has some standard malware traits, and it doesn’t contain within itself the payload. It does contain instead encrypted functions to communicate with a C&C server. It then uses an SSL feature to mask the communication with the remote server and the download of the actual payload that can range from clickers to rootkits.

Perhaps the strongest feature of the app is that it does whatever it can to avoid being detected by the user. Regular apps can be easily noticed and deleted. Xhelper is one pesky little thing since it can survive even after factory resets.

Xhelper is targeting specific brands of phones with Android OS from the US, Russia, and India.

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *