Over the course of the past six months, more than 45,000 Android devices have been struck with a malware that has left researchers scrambling to find the infection vector. The persistent malware dubbed Xhelper can hide itself from users, download malicious apps onto the phone and display pop-up advertisements, stated researches from Symantec. Infected Android phones have been detected in the U.S, India, and Russia. A plethora of samples have been analyzed but none have turned up results connecting the malware to any apps on the Google Play Store. It is realistic to think that Xhelper could be preinstalled on some devices as an application component. The code for Xhelper has changed significantly since it was first seen in March 2019.
Analyst Notes
This is not the first time that security researchers have discovered malware that may come pre-installed on new phones. In research presented at the Black Hat security conference in August 2019, Android’s security team reported the discovery of two major malware campaigns hidden in preinstalled apps over the last three years, one called Chamois and the other called Triada. Together, they infected tens of millions of low-budget Android devices from the moment they were shipped out. Google did not specify which phones were affected. It is important to purchase a phone from a recognized and respected brand. Android users should keep their software up to date and be sure to install updates when they’re available. It is also recommended to only download apps from trusted sources and stay away from apps offered by unfamiliar sources. Users should consider running antivirus scans regularly; this will help detect potential risks towards the device and will allow the device owner to rectify any issues. For more information on this matter please visit here: https://threatpost.com/android-malware-45k-devices-mystery/149654/, https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware, https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/
