Over the past six months, more than 45,000 Android devices have been struck by malware that has left researchers scrambling to find the infection vector. The persistent malware, dubbed Xhelper, can hide itself from users, download malicious apps onto the phone and display pop-up advertisements, according to researchers from Symantec. Infected Android phones have been detected in the U.S., India, and Russia. A plethora of samples have been analyzed, but none have turned up results connecting the malware to any apps on the Google Play Store. It is realistic to think that Xhelper could be preinstalled on some devices as an application component. The code for Xhelper has changed significantly since it was first seen in March 2019.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In