The campaign began months ago, a new piece of malware dubbed Xhelper has infected more than 45,000 Android devices in just six months and is continuing to spread at a fast space.
Malware researchers at Symantec estimated that the
“Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements.” reads the analysis published by Symantec. “The app, called Xhelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app has infected over 45,000 devices in the past six months.”
The experts observed several users posting about Xhelper on online forums, as a result of the infection, the users are complaining
Android users reported that despite they have rebooted their devices and also wiped them, the
Upon execution, the malware will register itself as a foreground service, once it has gained a foothold on the device, it will execute its core malicious
“Upon successful connection to the C&C server, additional payloads such as droppers,
Security experts suspect the malicious code is included in a system app
Researchers pointed out that the sample they have analyzed were not available on the Google Play Store
“From our telemetry, we have seen these apps installed more frequently on certain phone brands, which leads us to believe that the attackers may be focusing on specific brands.” continues the analysis.
Of course, we cannot exclude that the
Symantec believes that the malware’s source code is still a work in progress due to the presence in the source code of classes and constant variables that have yet to be implemented.
Researchers advise users to take the following precautions: