At least 45,000 Android devices infected with unremovable malware

For story suggestions or custom animation requests, contact [email protected] Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN
Researchers at cybersecurity firms Malwarebytes and Symantec have uncovered an Android trojan called xHelper that is able to reinstall itself even after users have uninstalled it.

According to Symantec, the malware has already infected more than 45,000 devices, mainly in the U.S., India and Russia, over the last six months.

Malwarebytes explained in a blogpost that the malware is installed through web redirects that take users to web pages that host unofficial Android apps. These unofficial apps include code that installs the xHelper trojan onto a users' phone once these apps have been downloaded.

The malware shows users popup ads and notification spam, though it doesn't seem to carry out any sketchy operations, according to Malwarebytes.

The ads and notifications lead users to Google's Play Store where they are asked to download more apps — a method by which authors of the xHelper trojan earn money each time these apps are installed.

Even if users restore their Android phones back to factory settings or manually uninstall the malware, the xHelper trojan is able to reinstall itself.

Symantec advised users to take precautions and not download apps from unfamiliar sites and to only install apps from trusted sources.

The company also advised users to pay close attention to permissions the app is seeking, backup important data frequently and install a suitable mobile security app to protect their device.

RUNDOWN SHOWS:
1. Malware being downloaded onto an Android phone
2. How the malware is installed
3. Malware shows users popup ads and notification spam
4. Malware is able to reinstall itself onto Android phones even if users restore their phone back to factory settings or manually uninstall the malware

VOICEOVER (in English):

"Researchers at cybersecurity firms Malwarebytes and Symantec have uncovered an Android trojan called xHelper that is able to reinstall itself even after users have uninstalled it."

"According to Symantec, the malware has already infected more than 45,000 devices, mainly in the U.S., India and Russia, over the last six months."

"Malwarebytes explained in a blogpost that the malware is installed through web redirects that take users to web pages that host unofficial Android apps."

"These unofficial apps include code that installs the xHelper trojan onto a users' phone once these apps have been downloaded."

"The malware shows users popup ads and notification spam, though it doesn't seem to carry out any sketchy operations, according to Malwarebytes."

"The ads and notifications lead users to Google's Play Store where they are asked to download more apps — a method by which authors of the xHelper trojan earn money each time these apps are installed."

"Even if users restore their Android phones back to factory settings or manually uninstall the malware, the xHelper trojan is able to reinstall itself."

"According to ZDNet, some users have said even after disabling the 'Install apps from unknown sources' option after manually uninstalling the app, their device was reinfected with the malware in a matter of minutes."

SOURCES: ZDNet, Malwarebytes LABS, Symantec
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/
https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware