Security researchers from Symantec have confirmed xHelper malware which has currently infected over 45,000 android devices. This report comes months after Malwarebyte lab noticed the malware months ago.
The malware is spreading rapidly in what Symantec calls “a surge in detections,” at an average of 131 devices infected each day, and an average of 2,400 devices persistently infected throughout the month. Latest reports confirmed its hit over 45,000 android devices mostly in India, US and Russia.
ONCE ITS IN, IT STICKS
Malwarebytes researchers believe it’s being spread via shady game websites that trick unsuspecting users into downloading apps from untrusted third-party sources.
Sean Wright, a security specialist who spoke to Forbes, said: “my recommendation is to only install apps via the official app stores unless you know for certain the validity of the app in question.”
The most concerning aspect of Xhelper, though, is that it is persistent. How persistent you may be wondering? “It is able to reinstall itself after users uninstall it,” the researchers said, adding that the malware keeps reappearing even after users have manually uninstalled it. What’s more, according to the research report, even a full factory reset cannot stop Xhelper from reappearing.
The malware doesn’t pose particularly any security threat at the moment, other spamming users with intrusive pop-up and notifications. However, the malware can be morphed from adware to a security threat capable of installing other malicious applications on the device or even remotely taking over the device entirely.